Joint Audit and Governance Committee

 

 

Report of Head of Finance

Author: Yvonne Cutler Greaves

Telephone: 07917 088357

E-mail: yvonne.cutlergreaves@southandvale.gov.uk

 

South cabinet member responsible: Councillor Pieter-Paul Baker

E-mail: Pieter-Paul.Barker@southoxon.gov.uk

Telephone: 01844 212438

To: Joint Audit and Governance Committee

DATE: 15 April 2024

Vale cabinet member responsible: Councillor Andrew Crawford

E-mail: Andy.Crawford@whitehorsedc.gov.uk

Telephone: 07427 880274

To: Joint Audit and Governance Committee

DATE: 15 April 2024

 

Corporate Risk Review

Recommendation

(a) That the Committee undertakes a half yearly progress review of the corporate risk registers as outlined in the risk management strategy.

 

Implications

(further detail within the report)

Financial

Legal

Climate and Ecological

Equality and diversity

Yes

Yes

No

No

Signing off officer

Simon Hewings

Pat Connell

Kim Hall

Abi Witting

 

Purpose of Report

1.  This is the half yearly progress review of the corporate risk registers for South Oxfordshire District Council (South) and Vale of White Horse District Council (Vale). This review follows on from the joint audit and governance committee report in October 2023.

2.  The contact officer for this report is Yvonne Cutler Greaves, Risk and Insurance Team Leader for South and Vale, email: Yvonne.cutlergreaves@southandvale.gov.uk

Strategic Objectives

3.    Openness and accountability in South Oxfordshire.

4.    Working in an open and inclusive way in the Vale of White Horse.

Background

5.    The corporate risk registers attached have been compiled using the five-step risk management process as outlined in the risk management framework whereby service team and corporate objectives are validated, risks identified, evaluated and prioritised using the 3x3 matrix to develop service team and project risk registers. Mitigation actions are identified, and progress monitored with individual Heads of Service, Service Managers and Risk Champions at the risk forum,which is held half yearly to develop a risk management culture by focusing on external risks that may impact the councils going forward alongside service, project and corporate risks. Senior Management Team have the final review before reporting to Joint Audit and Governance Committee. This enables a thorough review across all the council service teams.

6.    There are a total of 32 risks (31 last report) on the South corporate risk register and 32 risks (31 last report) on the Vale corporate risk register.

7.    Three of the Councils’ risks have increased their net risk score.

Risk ref South/Vale

Description

Risk score Gross/Net

77/79

This information is classified as information relating to the financial or business affairs of any particular person (including the authority holding that information). Please refer to Confidential Appendix.

8/8

81/83

Third party supplier suffers a cyber-attack or data breach resulting in personal data of residents and staff being leaked, ICO reports, and loss of council reputation.

8/8

74/76

Failure to plan for the potential long term impact on council finances due to uncertainty of future government funding and failure of all funding increases  keeping pace with increased council expenditure, results in the councils being unable to undertake their statutory duties and provide poor customer service leading to loss of reputation.

6/6

 

8.    Two risks have been mitigated and removed from the corporate risk register:

Risk ref South/Vale

Description

Risk score Gross/Net

49/50

Third party contractors BCPs and file back-ups are not fit for purpose.

8/2

70/72

Failure to reach agreement with third party contractor to provide waste and street cleansing services at the end of current contract (June 2024)

8/2

 

9.    Two risks have been returned to the project or service risk registers, due to mitigation actions being completed.

Risk ref South/Vale

Description

Risk score Gross/Net

73/75

Failure to provide suitable temporary housing for the asylum refugees in our district and the inability to safely manage the requirements of various resettlement schemes (ARAP, ACRS, Homes for Ukraine, Syrian etc).

9/5

 

69/71

Failure to meet the requirements of the Environment Act 2021.

8/3

 

10. Two risks have reduced their net risk score in both South and Vale registers since last reported, due to mitigation.

Risk ref South/Vale

Description

Risk score Gross/Net

83/85

Failure of Registered Providers in the district to deliver and operate affordable housing leads to shortage of affordable housing to meet our housing needs register

5/3

84/86

Failure to have an effective recruitment and retention strategy in place which ensures the councils can attract, recruit and retain staff

7/3

 

11. There are six new risks for South and Vale:

Risk ref South/Vale

Description

Risk score Gross/Net

93/95

Failure to implement Idox for South and Vale with no alternative option/plan B impacts the delivery of planning and environmental health services in the short to medium term and will impact overall improvements through transformation and poor service  in  the long term resulting in loss of service delivery and income, reputation and may result in statutory fines

8/8

87/89 (merged with Risk 80/82)

Current proposed Idox functionality falls short of that originally contracted to the council to deliver and results in major delays to roll out to planning and environmental health services impacting over all service provision and delays to Ocella switch off for these services. (Risk 80/82 Failure to plan for smooth transition of Ocella replacement to Idox)

8/8

91/93

A number of key third party contracts are up for review/renewal within a similar time period, a failure to plan and resource each project may result in council failing in its statutory duties provide poor service to residents, loss of reputation and increased costs.

8/6

88/90

Failure to recruit and retain staff of the right experience and calibre at the right time in certain service teams, may result in key projects not being delivered or delayed, increased agency staff costs, poor staff wellbeing.

7/5

89/91

Limited oversight and perceived lack of prioritisation of corporate initiatives and service business plans, key projects and programmes results in staff working in silos, duplication, lack of buy in to aims and objectives, sub optimal project delivery and increased costs.

5/5

92/94

Failure to anticipate the costs of contract exits and service re-procurement/insourcing may result in increased financial burden on the council in the short to medium term, poor service delivery to residents, low staff retention and loss of reputation.

8/5

 

12. The top ten risks for South and Vale are shown below:

Risk ref South/Vale

Description

Risk score Gross/Net

77/79

This information is classified as information relating to the financial or business affairs of any particular person (including the authority holding that information). Please refer to Confidential Appendix.

8/8

86/88 New

Failure to implement Idox for South and Vale with no alternative option/plan B

8/8

87/89 New (merged with Risk 80/82)

Current proposed Idox functionality falls short of that originally contracted to the council to deliver.

(Risk 80/82 Failure to plan for smooth transition of Ocella replacement to Idox)

8/8

81/83

Third party supplier suffers a cyber-attack or data breach

8/8

58/62

IT and data security compromised due to remote working and naive user behaviour, which may result in data breach and fines/loss of reputation.

8/6

9/9

Failing to have an effective health and safety management system in place and lack of resource to support, may result in a fatality, illness or injury to staff or anyone else affected by our business; damage to property; legal action by HSE; civil claims and increased costs.

8/6

72/74

The transformation programme key four outcomes:          

  • Accessible customer services
  • Digital data and technology user centred and secure
  • People skilled supported and resilient
  • Future proof the council through continual improvement

are not realised.

8/6

91/93 New

A number of key third party contracts are up for review/renewal within a similar time period, a failure to plan and resource each project may result in council failing in its statutory duties provide poor service to residents, loss of reputation and increased costs.

8/6

71/73

Failure to deliver a full range of leisure centre activities with GLL through high fuel costs and economic downturn results in closure of facilities, impacting the health and wellbeing of residents.

8/5

76/78

Failure to plan for 5CP exit and ensure seamless transition, will impact IT and services revs and bens/land charges loss of reputation etc.

8/5

 

Climate and Ecological Impact Implications

13. There are no direct climate or ecological implications arising from this report. The corporate risk review supports the councils in achieving their corporate objectives in this area. (See impact assessment attached)

 

Financial Implications

14. There are financial implications attached to managing the risks outlined in the corporate risk registers, and risk owners are responsible for ensuring costs of mitigation are proportionate to the risk exposure.

  Legal Implications

15. None.

  Risk Implications

16. Risk identification is an integral part of this progress review.

  Other Implications

17. None

Attached:

·         South Corporate Risk Register April 2024

·         Vale Corporate Risk Register April 2024

·         Confidential Appendix

·         Climate impact assessment