The Interim Chief Officer – Finance, Performance and Change presented a report which provided the Governance and Audit Committee with an update on the changes to the Corporate Risk Assessment, in accordance with the Council's risk management timeline contained in the Council's Risk Management Policy.

She advised that the Council was required to develop effective risk management processes, including an assessment of corporate risks and the Governance and Audit Committee’s Terms of Reference required the Committee to review, scrutinise and issue reports and recommendations on the appropriateness of the Council’s risk management, internal control and corporate governance arrangements. Further background was at section 3.

The Interim Chief Officer – Finance, Performance and Change stated that the recent audit of risk management services was undertaken by SWAP Internal Audit Services on behalf of the Council’s Regional Internal Audit Service (RIAS). Whilst the audit opinion provided ‘reasonable assurance’ a number of recommendations were made to strengthen the reporting process including the need to introduce a separate ‘risk guidance’ document, embedding processes to strengthen the link between the Corporate Risk Register (CRR) and risks identified in Directorate Business Plans, and also recommended changes to the format of the CRR.

She added that the Corporate Risk Assessment has been amended to include a change recommended by SWAP Internal Audit Services, which introduces a new column displaying the date the score was assigned. The updated Corporate Risk Assessment was at Appendix A, which included 16 risks, 7 risks scored high, 6 risks scored medium, and 3 risks scored low.

She advised that there was one new risk - (Risk 16) “There is a risk that the Welsh Community Care Information System (WCCIS) will fail to operate” -has been added and has a High risk with a score of 15. This was an ICT system that holds all Bridgend County Borough Council social care records and was supported by an external contractor. As all of Bridgend social care records and services were held on this system if it should fail social work practitioners would be unable to check records of individuals known to the service and this could cause safeguarding issues.

The Interim Chief Officer – Finance, Performance and Change added that the risk scores remained unchanged apart from Risk 8 - ‘Unable to attract, develop, or retain a workforce with the necessary skills to meet the demands placed upon the Local Authority and its services’. The likelihood element of the residual score has increased from 3 to 4, resulting in an increased risk score from 12 to 16, as the mitigation actions were not currently able to reduce the risk from the raw levels.

The Lay Member asked in relation to Risk 5 the risk seemed to relate only to the partnership with Cwm Taf Health Board. She asked what were the risks with other partners of BCBC. The Interim Chief Officer – Finance, Performance and Change explained that the risk register did not specifically mention other partnerships so would look to bring that information to the committee at the next meeting.

The Lay Member asked in relation to the new risk (Risk 16), when would the residual risks be known. The Interim Chief Officer – Finance, Performance and Change explained that we were at the stage of knowing some of the mitigations. There had been a large amount of work carried out with the supplier. As the system is an all-Wales system, BCBC only has a seat at the user group to provide input etc. The system is managed by an external provider rather than within BCBC so it was difficult to understand time frames.

The Lay Member expressed her concerns with the risk and asked how concerned should the Committee be and what was the update in November going to present. The Interim Chief Officer – Finance, Performance and Change explained that the issue had been raised with CMB, CCMB and Cabinet and there were high level meetings being held with the supplier. There had also been agreements that the upgrade would not be implemented until it was stable but there were urgencies placed on this with strict timeframes of weeks being agreed.

The Chairperson asked that although the risk would be reported on in November as stated in the register, could an update be provided in September’s meeting on any concerns that the resilience had not been resolved and if we were not in a better operating position at that time.

The Lay Member asked if a note could be placed on the risks where columns were blank, to explain why they were blank. The Interim Chief Officer – Finance, Performance and Change explained that this particular risk was placed on in an emergency but there had been follow up actions since this so she would take that back to the Corporate Director Social Services and Wellbeing.

A Member asked for clarification on some of the risks which related to suppliers to the Council. She explained that Risk 9 related to Council suppliers in general and that had been a risk for some time, but other risks in the register related specifically to Covid-19 yet they were classified as a lower risk, even though on occasions there are issues with suppliers.

The Interim Chief Officer – Finance, Performance and Change explained that the issue with suppliers having staff that were pinged by the test & trace service was that of a recent issue and these papers were prepared before this had been an issue. She added that the Covid-19 risks in the register were ever changing and the risk register was updated when these were identified but there was often a delay of around 2 weeks when the papers were drafted in readiness for Committee.

The Chairperson asked in relation to Risk 11 on how the Council was addressing the risk, if the wording could be amended to reflect the current restrictions that were in place in Wales.

The Chairperson also asked for an update in the next meeting on the risk surrounding the schools (risks 14 and 15) as the risk was currently set as high. She mentioned that if the risk was still high, further information on what actions were being taken to mitigate these risks should be provided to the committee.

RESOLVED:                               That the Committee:

• Considered the updated Corporate Risk Assessment 2021-22 (Appendix A) and;

• To receive a further report in November 2021 prior to review of the 2022-23 Corporate Risk Assessment and the Corporate Risk Management Policy in January 2022.