To note a report on the Council’s current risk position and overall risk management arrangements.

Members noted a report that provided and update on the Council’s current risk position and the Council’s overall risk management arrangements. 

The Performance and Risk Manager advised that a total of 15 risks were appearing out of tolerance; however, Members were advised that “out of tolerance” did not necessarily equate to a high risk score. None of the risks with unchanged scores were short?term issues; these represented long?term assessments. A new risk relating to Oldway Mansion had been added due to the expense arising from anti?social behaviour at the site. Several risks had been de?escalated since the previous report.

The Performance and Risk Manager explained that, due to the deferred date of the meeting, a number of mitigated risk scores had changed since the appendices were produced. Members were advised of the following updated scores:

·         ST04 Failure to set a robust and medium?term resource plan had increased to 20;

·         ST10 Failure of Torbay and South Devon NHS Trust to deliver Adult Social Care statutory duties had increased to 20.

For corporate risks:

·         CP02 Failure to have adequate insurance in place had increased to 15;

·         CP05 Failure to comply with health and safety and fire legislation had increased to 20;

·         CP09 Reputation of the Council had increased to 9;

·         CP21 GDPR compliance and effective information governance had increased to 16;

·         CP23 Implementation of the Customer Relationship Management system had increased to 8;

·         CP49 Failure to have an up?to?date adopted Local Plan in place had increased to 12.

·         CP50 Failure to meet Development Management performance targets had reduced to 9; and

·         CP85 Potential loss of community equipment service had reduced to 6.

It was also noted that the report used to produce Appendix C included three inaccurate mitigated scores.

·         CP11 Large scale cyber?attack was reported as 10 but should have been 15;

·         CP88 Deprivation of Liberty (Community DoLS waiting list) was reported as 6 but should have been 9; and

·         CP89 Oldway Mansion was reported as 6 but should have been 12.

In relation to SWISCo, Members were informed that the organisation held two strategic risks, 18 corporate risks and 51 service?level risks, with seven risks scoring 16 or above. Issues identified last year regarding health and safety audits had been resolved, resulting in reduced risk scores. Management reported that they had commenced a programme of cross?business engagement with Tier 2 and Tier 3 managers to strengthen the connection between professional risk management and operational service delivery. The risk register was being used proactively by all managers and by the Senior Leadership Team on a weekly basis. Concerns were raised about workforce retention. Members were reassured by the Director of SWISCo setting out the retention focused mitigations, including high?quality PPE, improved working conditions, and strengthening organisational pride. Furthermore, SWISCo was now regarded as a well?respected employer with staff likely to recommend it to friends and family. Sickness and turnover rates remained low, reflecting the effectiveness of the risk?led mitigation approach.

Members requested that future reports include detailed risk review notes, observing that some risks remained higher than expected and that additional narrative would assist understanding.

A query was raised regarding CP73, relating to the failure to adequately undertake works to cliffs, particularly in the context of recent storms. It was confirmed that the risk primarily related to unexpected costs associated with cliff works. The risk remained within tolerance because adequate budget provision existed for repairs in recent years. Scores remained relatively high because environmental factors were outside the Council’s control. Members were advised that the risk related to cost rather than the likelihood alone.

It was suggested that future reports include commentary on how risk management had evolved over the preceding two years to provide assurance regarding the overall effectiveness of the risk management framework.