To receive an update on the risks and summary assurances presented in the Annual Corporate Risk Report, which was considered by Executive Board on 20 September 2023.
Minutes:
The Board received a report providing an update on the risks and summary assurances presented in the Annual Corporate Risk Report, which was considered by Executive Board on 20 September 2023.
In attendance for this item were:
· Mariana Pexton, Director of Strategy and Resources
· Tim Rollett, Intelligence and Policy Manager
· Cllr Debra Coupar, Executive Board Member for Resources
A presentation was made to support this item, highlighting the key points in the report and providing a joined up picture of the risk and resilience activities undertaken by the council. This included details on the corporate risk register providing descriptions, risk ratings and the accountable director and portfolio member risk owners. It was also noted that risk management is the responsibility of all staff working for the council and to support that a series of risk workshops have been held to provide more information to staff and to support reporting of risks.
Responding to comments and questions from the Board the following issues were discussed:
· Members sought clarity on an update to the risk register that was referenced in the submitted report. The Board heard that a recent round of risk updates had led to an increase in the risk rating of the medium-term finance risk. This was already a high rated risk but as a result of the update the risk was increased, reflecting the ongoing financial challenge being faced by Leeds and the local authority sector.
· Responding to a question on cyber attacks and cyber security and what might be learned from experiences in other public sector organisations, the Board heard that cyber security is also a high risk area with extensive measure sin place. High profile cyber-attacks at other local authorities such as Hackney and Cleveland and Redcar have raised awareness of these issues and the Council is part of West Yorkshire Resilience Forum which sees the five local authorities coming together to discuss high profile incidents and to share learning on risk mitigation. In recent years this has seen a test exercise conducted to evaluate systems and identify weaknesses. A key learning area from this was a need to ensure that IT systems are kept update with the latest cyber security software. In addition, work is ongoing with colleagues in IDS to ensure greater cyber security and to review the existing cyber controls. It was suggested that feedback could be provided on this once the work is completed.
· The Chair noted that some of the risks in the corporate risk register actually fall into the remit of other boards. It was agreed that the Chair would write to the other scrutiny chairs to highlight these risks and to make a link between risk and performance reporting which all boards consider in June and January, the key point being that if the financial challenge impacts performance in key areas then there could be an impact on risk.
Resolved:
The Board noted the annual risk and resilience report and the assurances given on the most significant corporate risks in line with the council’s Risk Management Policy and Strategy and the Board’s overarching responsibility for their management, and:
a) Agreed that the Chair should write to the other scrutiny chairs setting out the corporate risks that sit within their remits and making a link between risk and performance reporting which is considered by all scrutiny Boards in January and June each year.
Supporting documents: