Issue - meetings

Corporate risk review

Meeting: 05/07/2021 - Joint Audit and Governance Committee (Item 69)

69 Corporate risk review pdf icon PDF 300 KB

To consider the report of the interim head of corporate services. 

Additional documents:


Councillor Jane Murphy entered the room during this item, which meant the meeting was now quorate and could proceed as a formal committee meeting and make decisions. 


The Cabinet member for corporate services and transformation introduced the report. It was explained that this was the standard six-month report which the committee was asked to note. The key points raised were thirty-seven corporate risks for South Oxfordshire and thirty-eight for the Vale being identified. Both authorities had a reduction of nine risks for each. The top risk remained a cyber security breach, and three new risks had arisen relating to the failure to procedure new insurance, the need to streamline revenue streams, and the government actions surrounding the Oxford to Cambridge Arc. It was however noted that the Arc was beyond the district councils’ control. Three risks in South Oxfordshire and two in the Vale increased the net risk score and these included issues such as third-party business plans not being supported and a lack of informed decision making for planning. An additional point was made surrounding Covid-19 with the main risk centring on staff wellbeing and remote working. New risks mentioned related to the failure to realise revenue streams, failure to prevent fraud from Covid-19 test and trace and business support funding, and a lack of preparation to help support vulnerable individuals in the future.


A question was raised relating to the technology risk on the third-party business continuity plan and why a ‘Yes/No’ tolerable answer was not included in the table. The officer explained that a continuity plan was still being worked on with Capita and therefore had been deliberately left blank until the plan had been completed further. A follow up question was asked relating to the risk appetite and why the councils had an amber risk assurance level despite some not having a way forward. The officer clarified that the average values are used to calculate the risk and that the overall risk appetite led to an assigned risk level of amber.


A request was made by the committee to take on the speed of changes relating to Covid-19 as opposed to the rest of the risk register. The query was responded to with an explanation that the Covid-19 risks had been transferred to the triage risk register.


RESOLVED: to note the half yearly progress review of the corporate risk registers as outlined in the risk management strategy.