Agenda item

To consider the risks contained within the Corporate Risk Register and assurance that the risks are being effectively managed.  

44.1          The report of the Head of Corporate Services, circulated at Pages No. 104-122, attached the corporate risk register for consideration. Members were asked to consider the risks contained within it and the assurance that the risks were being effectively managed.  

44.2          Members were advised that the register was usually presented at each meeting of the Audit and Governance Committee; however, reporting in 2020 had been deferred as a result of the Council’s response to the COVID-19 Pandemic. The register itself was a useful tool to demonstrate that corporate risks were being considered and managed. Paragraph 3.1 of the report summarised the key actions that had arisen since the register was last presented to the Committee and included risks such as financial sustainability – pre-COVID the Council had faced significant financial challenges and those had been compounded by the Pandemic; cyber security – training and a new firewall had been implemented and an assessment was being undertaken on cyber security arrangements; emergency planning – the planned test exercise had been superseded by a real-life exercise in the form of the COVID-19 Pandemic and a lessons learnt exercise would be undertaken in due course; the waste service – a decision would be made on the extension of the Ubico contract; Brexit – an internal risk assessment was being done to show how it may impact on the Council and the Local Resilience Forum was looking at the wider impact on the county; the Garden Town – the planning application for the Ashchurch bridge had not been presented to Planning Committee as intended and there was concern from Members about the project which would need to be kept under review; and delivery of priorities – this was a new risk which it was important Members were aware of.

44.3          In terms of the Garden Town project, many Members had expressed concern about it and it was felt assurance needed to be provided that the risks were being managed effectively. It was agreed that one of the team would be asked to attend the Audit and Governance Committee in March. In response to a query about how the Council could plan effectively for Brexit, the Head of Community Services explained that Officers were taking the approach of considering the worst case scenario; there was also a need to consider planning for concurrent emergency events and there was quite a lot of work being undertaken in that regard in terms of COVID secure rest centres for flood victims etc.

44.4          A Member referred to the outcome of the recent inquest into the death of Ella Kissi-Debrah, whereby air pollution had been found to have made a material contribution to her death, and questioned whether this would have a significant impact on the Council’s action on air quality and whether that would be included in the risk register. In response, the Head of Community Services confirmed that monitoring was undertaken as a matter of course and, prior to the COVID-19 Pandemic, Officers had planned real-time monitoring and the possible removal of the air quality management area in Tewkesbury Town. The team would now be looking at the guidance from the Department for Environment, Food and Rural Affairs (DEFRA) following the inquest to understand the implications on the Borough. Another Member questioned whether the actions taken in respect of cyber security would be enough or whether further work needed to be done. In response, the Head of Corporate Services confirmed that cyber security was never something that could be complete. The Council had undertaken its assessment against the ISO001 standard which had shown some new policies were required which was being undertaken and updates would be provided through the Lead Member briefings. It could certainly not ever sit on its laurels in this regard.

44.5          Accordingly, it was

                 RESOLVED           That the risks contained in the corporate risk register, and the                              assurance that those risks were being effectively managed, be                            NOTED.