Agenda item

Report of the Chief Strategy Officer.

Members received a report of the Chief Strategy Officer, who described the status of the risk management work as continuously evolving. It was highlighted that service committees are setting risk appetite against corporate risks. The key updates were as follows:

·       Corporate Risks CR2 and CR10: Following discussion, it was determined that these risks should remain separate. CR2 (Loss of Business Support) is being reframed to better reflect the Corporation’s strategic concerns and will be reviewed at the next Chief Officer Risk Management Group (CORMG) meeting in October.

·       CR33 (Major Projects) and CR29 (Information Management): These risks were going to be revised with the Chamberlain to ensure that they are reframed as risks rather than issues.

·       CR39 (Recruitment and Retention): This risk was considered outdated and work has been underway with HR to assess whether any people-related risks should be elevated to corporate level. An invitation had been extended to the interim Chief People Officer to attend the next committee meeting to discuss this further.

·       Likelihood and impact: Following questions raised at call over, the team had analysed the 13 corporate risks, and it was found that 12 aim to reduce their scores: 8 by lowering likelihood, 3 by reducing impact, and 1 by addressing both. Only CR36 (Protective Security) is not aiming to reduce its score but is actively managed.

·       Mitigation Themes and Timeframes: Common mitigation themes included funding, resourcing, stakeholder engagement, strategic planning, and emergency preparedness, with timeframes ranging from six months to long-term targets in 2027 and 2029. Three risks (CR29, CR33, CR39) were overdue but are undergoing revision.

·       Data Protection and GDPR: Clarification was provided on GDPR-related risks, which were split between CR16 (external breaches) and CR29 (internal data handling) to reflect the different aspects of data protection.

The Chair thanked the team for their work and asked the team to ensure that the reconsideration of CR29 is clearly included in the risk description, so that Members and others do not have any confusion at a later stage.

RESOLVED - That,

• Members are content to invite the interim head of HR to the next Risk Management committee meeting. 

• Members received the report and noted its content.