Report of: The Group Finance Director

Purpose of the report: To present a proposal for the adoption of a revised Risk Management Strategy and Toolkit detailed in Appendix 1 and to provide an update on the ongoing review of the Corporate Risk Register, and the current risks in the Service Risk Register.

Recommendation(s): That the Committee resolves to:

1.    Note the outcome of the review of the Risk Management Strategy and Toolkit, indicating that they are satisfied with the risk management process and approve it.

2.    Note the review of the Corporate Risk Register being undertaken by the Corporate Leadership Team and risk owners and receive the risk register for review at its next meeting in order that it can be satisfied that corporate risks are identified and managed.

3.    Review the Service Risk Register.

Nigel Kennedy, Group Finance Director, and Roger Martin, Insurance, Risk Management and Business Continuity Manager, were present to answer questions. 

Councillor Harley sought clarification regarding the headings on point 14 of page 10 of the report, to which the Insurance, Risk Management and Business Continuity Manager explained that this was caused by a six-month gap in reporting during 2024 when a report did not go to the Committee.   

Councillor Smith and Councillor Railton joined the meeting. 

The Chair invited the Insurance, Risk Management and Business Continuity Manager to summarise the report.  

The Insurance, Risk Management and Business Continuity Officer reminded the Committee that prior to the document enclosed in appendix 1, the risk management strategy and toolkit had not been updated since 2023. The report defines risks as that which may jeopardise the achievements of the Council’s priorities and provides the services identified in its business plans and delivery of statutory duties. The Committee understood that the report outlined the roles and responsibilities of those within the Council, it divided risks into categories, and it analysed the Council’s risk appetite through classifications of low, medium and high. The Insurance, Risk Management and Business Continuity Manager noted that the Corporate Leadership Team had approved the contents of the report. In regards the Corporate Risk Register, the Committee also heard that a review is ongoing to ensure the correct identification and assessment of risks in relation to areas such as financial sustainability, civil emergency response planning, and devolution. The outcome of this review is expected at the next meeting of the Committee. Finally, the Insurance, Risk Management and Business Continuity Manager noted the contents of the service risk register.  

The Chair thanked the Insurance, Risk Management and Business Continuity Manager and invited questions from the Committee.  

Councillor Ottino asked several questions: 

• Whether more information on the origins and history of the red risks noted on page 10 of the report could be provided to support the Committee’s understanding. 

• Whether clarification could be provided around the definitions of the risk categories noted on page 32, and how officers determine these.  

• Whether distinction could be made between ‘local’ and ‘regional’ media in the consideration of the adverse publicity risk on page 34.  

The Insurance, Risk Management and Business Continuity Manager clarified that within the service risk register, risks currently identified as red have remained so since the previous report, however a review is expected shortly, at the request of the Risk Management Group. The Committee therefore understood that these categorisations may change. In response to Councillor Ottino’s second question, it was explained that a scoring system based on percentages is utilised to assess the probabilities of risks occurring by officers, however the Insurance, Risk Management and Business Continuity Manager agreed that this can be a challenging matter to assess and committed to reflecting on the terminology used. Finally, in regards the adverse publicity risk noted on page 34, the Committee learned that the differentiation between local and regional media is not strictly defined, but examples were provided to demonstrate the commonly accepted differences.  

Councillor Ottino noted that the table of risks is challenging to read and requested that it be presented in a clearer manner, for example, themed by areas of the Council. It was also asked whether the table was up to date and reviewed adequately as it contains risks dated from 2011; Councillor Smith supported this concern.  

The Insurance, Risk Management and Business Continuity Manager explained that the risk register is entering the process of review. The Group Finance Director acknowledged the concerns raised and explained that the Risk Management Group regularly reviews the register and has deemed many of the historic risks to still be relevant to ongoing matters, such as Brexit. 

Councillor Smith emphasised the importance of treasury management for Councils, specifically linking it to the context of Oxford City as reason to maintain it as a high priority within the risk register. The Group Finance Director agreed. 

Councillor Smith requested that the Committee be given a more up to date risk register to review at the next meeting of the Committee.  

The Chair noted that it would be helpful for the Committee to understand which risks can be managed, and which are generic. It was therefore requested that information on how other Councils compile risk registers and assess longer term risks be provided. It was noted that the Committee may be more reassured if they could understand how judgment and risk probability are approached in other regional contexts. The Committee discussed a range of specific risks linked to the context of Oxford City and Councillor Smith noted that it could be hard to provide a benchmark understanding as all Councils will be subject to different local risk contexts but requested whether an understanding of benchmark for finances could be explained. The Group Finance Director considered the examples of Cambridge and Watford as potentially comparable examples based on demographics; the Chair suggested that this information be brought back at the next meeting of the Committee.  

Councillor Smith queried why text relating to the development of future programmes and staff retention is emphasised in italics within the report and requested information regarding the consideration of staffing within the ongoing work. The Group Finance Director confirmed that the fit for the future programme is continuing under the latest Council objectives and will be reported to the Organisation Change Board, chaired by a Deputy Chief Executive. The use of italics in the report was not noted as significant.  

The Chair invited the Committee to consider recommendations. 

The Committee recommended: 

• That comparative information on how risk registers are defined, assessed, and constructed at comparable local authorities be provided for the Committee to review at the next meeting. 

The Committee: 

• Noted the outcome of the review of the Risk Management Strategy and Toolkit, indicating that they are satisfied with the risk management process and approve it. 

• Noted the review of the Corporate Risk Register being undertaken by the Corporate Leadership Team and risk owners and receive the risk register for review at its next meeting in order that it can be satisfied that corporate risks are identified and managed. 

• Reviewed the Service Risk Register. 

The Insurance, Risk Management and Business Continuity Manager left the meeting.