Agenda item

1.     The item was presented by the Head of Risk and Delivery Assurance, Mr Mark Scrivener.

2.     Mr Scrivener highlighted to Members that a previous information briefing had taken place around the Committees’ purposes and responsibilities in relation to risk management and confirmed that a training session as part of the Member Induction was scheduled for later in the month.  In addition, a specific briefing could be provided for elected Members in relation to the Corporate Risk Register, ahead of a future presentation of the register.

3.     Some of the key points of the report included the following:

        a)     The covering report provided an overview of any changes to the Register.  This included any additions or removal of risks, any change of ratings or revisions. 

        b)     Mr Scrivener drew Members’ attention to Appendix 1 which contained the details of the Register and Appendix 2 which provided headlines of the directorate risks below corporate level.

        c)     It was confirmed that Cabinet Committees and officer forums would discuss details of the risks throughout the year.  This report was intended to provide assurance regarding a broader approach to risks.

        d)     Mr Scrivener confirmed that his team were currently looking at the control element to see where the key controls resided and what assurances were given against them. It was confirmed that the internal audit function used the risk register as one of the sources of information to guide their audit work.

4.     In answer to Member questions, the following was said:

        a)     The Corporate Director for Growth, Environment and Transport and Senior Responsible Officer for the Oracle Cloud Project, Mr Simon Jones confirmed that the programme was due to go live on 18 August 2025 for models relating to finance and some procurement activities.  Within the organisation, several business readiness groups and training / familiarisation with the new system had taken place. 

                In terms of product testing, user acceptance testing was currently being conducted, and the test scripts operated at around 88% success rate. At the end of July 2025, the organisation would check the progress of the product to ensure it was capable of operating when the programme went live in August.  A system cutover would take place prior to going live, which involved a 10 day period where data would be migrated onto the new system and initial safety testing would be undertaken within that, ahead of making a final decision to cut over and go live for all users.

        b)     It was discussed and confirmed that interim updates on the progress of the Oracle Cloud implementation could be delivered to the Committee ahead of the next scheduled meeting in September, by way of an informal briefing.  These would likely take place after critical milestones in the delivery of the programme had been achieved.

        c)     A Member asked a specific question concerning how the risk rating was devised relating to the corporate risk of fraud and error. Mr Scrivener explained that, when looking at risk ratings, the current risk exposure was assessed, which considered the controls in place to manage the risk. It was further explained that if there was an inherent rating, the risk would be high, however as there were controls in place this reduced the fraud risk and error to an amber level.

        d)     The Head of Couter Fraud, Mr James Flannery, explained that within the reports around fraud and error, there were irregularities and on occasion it was not to the benefit of an individual and was classified as an error, however there were certain circumstance where on the balance of probabilities, it was fraudulent behaviour. Issues arose where it was considered not in the public interest to progress further to criminal investigation and recovery, due to the value of the funds involved. Mr Flannery confirmed that he would revisit the way fraudulent activity and error was reflected in future reports.

        e)     The General Counsel, Mr Ben Watts, clarified that the Authority did take prosecutions on some cases where it was appropriate in relation to fraud and there was a recognition of a deterrent element which created a broader saving.

        f)      In answer to a Member’s question regarding risk CR0015 – Sustainability of the Social Care Market, with a focus on the change in Employer National Insurance and new Visa restrictions, the Corporate Director for Adult Social Care, Mr Richard Smith confirmed that the directorate continued to closely monitor the relationship with care providers and no intelligence had been received to indicate that  providers had not been able to meet payroll, or had to close businesses due to the changes in employer National Insurance.

        g)     In answer to a Member’s questions regarding Peppercorn Rents and PFIs, it was confirmed that a note would be taken of these specific requests so the Executive could consider them as part of their policy formation, as well as ensuring the relevant Cabinet Member has the opportunity for consideration.

        h)     Mr Scrivener confirmed he would liaise with ICT Compliance and Risk Team in relation to CyberEssential Plus external accreditation for larger supply chains.

        i)      The Director of Strategy and Policy, Mr David Whittle confirmed that Local Government Reform (LGR) risk was live and currently being debated and whilst it had not yet been codified, there would be a form of an LGR risk added to the Corporate Risk Register at the appropriate time.  By way of a timetable, Mr Whittle explained that a paper would be brought to the relevant Cabinet Committee in the first instance and progressed from there.

        j)      Mr Betts confirmed the reason the risk level for savings and income had reduced was due to the additional governance and monitoring steps put in place for the current financial year to get savings delivered and mitigating actions could be put in place to reduce the level of overspend.

        k)     Mr Betts confirmed that the Authority had been working with the Commissioners in Adult Social Care and the providers to understand the pressures connected with the increase in Employers National Insurance, however it was explained to Members that the Authority could only increase the total amount of income available by the referendum thresholds for Council Tax. 

5.     RESOLVED the Committee noted the report for assurance.