Strategic Risk Management
PURPOSE OF REPORT
To summarise the content of the Authority’s strategic risk register in accordance with the Strategic Risk Management Policy.
EXECUTIVE SUMMARY
Through regular review, a number of risks are identified as having the potential to prevent the Authority from achieving its planned outcomes and/or delivering its core functions. Of the full range of risks, the ones that are currently considered to be the highest relate to the Authority’s level of resilience to either an attack on its computer systems or to a sudden loss of staff with specialist knowledge and/or experience of the Service’s business. Even with planned countermeasures, these are likely to remain at a high risk level.
RECOMMENDATIONS
That Members note the identified strategic risks that are facing the Authority.
BACKGROUND
The Authority’s adopted Strategic Risk Management Policy defines strategic risk as “an event that, should it occur, would impact on the achievement of the Authority’s planned outcomes and/or the delivery of its core functions”.
The Authority’s Strategic Risk Register lists known risks that could potentially prevent the Authority from achieving its planned outcomes and/or delivering its core functions. Register entries are ascribed risk scores that are regularly re-evaluated by officers to reflect the current state and the predicted effect of planned countermeasures.
Under this policy, the Executive Panel receives a summary report on strategic risks at least twice a year. Between times, the Chair and Deputy Chair of the Authority are able to view the full detail of the register with officers.
The Strategic Risk Register records both current risk levels and future risk levels (based on an assumption that planned countermeasures will have had the desired effect).
Risk levels are based on an evaluation of the likelihood that something might happen and the consequences if it did. Descriptions are provided for information at Appendix 1.
INFORMATION
Officers continue to review and update the risk register, adding, removing and re-scoring risks as appropriate. A summary of the current register entries is provided at Appendix 2.
IMPLICATIONS
Well-being Objectives Maintaining the register and taking action to manage risk increases the likelihood that the Authority’s well-being objectives will be achieved.
Budget Maintaining the register helps prioritise spending decisions that would reduce risk levels.
Legal Maintaining the register helps to ensure the Authority’s compliance with laws that define its functions and how it operates.
Staffing No specific implications identified.
Equalities/Human Rights/Welsh Language No specific implications identified.
Risks An accidental release of the register could expose the Authority to harm.