Agenda item

Review of Corporate Governance Risk Register

To consider the report of the Chief Executive & Growth Director.



The Audit Manager (HP) presented the report which advised the Audit and Governance Committee of the Council’s risk management process and provided an update of the Corporate Risk Register to enable the Committee to monitor and review the Council’s risks. There were no new risks added or deleted from the Risk Register during the last quarter, but updates had been provided from the Strategic Management Board (SMB).


The Director Finance replied to a Member’s enquiry that a dedicated Net Zero Risk Register would be presented to this meeting. He confirmed that interviews had taken place recently and the team would be in place shortly. He anticipated that the Service Lead for Net Zero and her team would be in a position to report to the next meeting of the Audit and Governance Committee in July.


The Audit Manager presented the following responses to a Member’s questions obtained from the lead officer associated with monitoring each risk.


·      Risk 2: Business Continuity:

The Ukraine situation had escalated since the Council’s Risk Register was reviewed and prepared. It was noted that adequate mitigation in respect of cyber-attacks had resulted in the removal from the Corporate Risk Register. There was no specific or different cyber security risk identified over and above the probing of the Council’s systems and phishing attacks that happen on a daily basis. The Council’s security measures were constantly reviewed and improved and these included ICT technical controls, Council awareness and training. The Council had taken part in training with Strata colleagues from East Devon and Teignbridge Councils at the National Cyber Security Centre to test cyber security capability and defences. Teignbridge and Exeter Councils had also secured funding from the Local Government Association and appointed industry experts to undertake a systematic review of cyber security arrangements which will be completed within the next few months.


·      Risk 3: Carbon Neutral 2030:

A question on the future presentation of a dedicated Risk Register for Carbon Net Zero 2030 had been answered earlier in the meeting. Members were advised that the Net Zero team were waiting on the City Council’s Carbon Reduction Plan from South West Energy and the Environment Group (SWEEG) and for a GreenHouse Gas (GHG) baseline inventory, (commissioned from SWEEG) which once approved will form a baseline from which the corporate Risk Register will be developed;


·      in demonstrating how the Exeter Net Zero Plan 2030 goal will be achieved, officers would need to assess the situation once all information from SWEEG regarding the Council’s position had been received and digested. In relation to the external Net Zero work, Exeter City Futures would produce a clear goal oriented development plan with the aim of a relaunch and a clear position statement, which was anticipated in early summer, and


·      the City Council’s Carbon Reduction Plan, commissioned from SWEEG, will include Scope 3 emissions and any action plan would include the direct actions the Council could take in relation to Scope 3 emissions, which was likely to initially focus on the Council’s procurement and supply chains. The GHG baseline for Exeter City Council commissioned from SWEEG does not include Scope 3 emissions at this stage given the limited ability to be able to take direct action.  Exeter City Futures had a key lobbying and influencing role for the city in relation to regional and national policy, which has been the initial focus for Exeter City Futures in relation to Scope 3 emissions.


The Member requested that a copy of the responses be sent separately.


The Director Finance also responded to the following Member’s questions -


·           Risk 6: Financial Sustainability: As and when the reductions were proposed, and if appropriate, an equalities impact assessment would be carried out to set out the full impact of any potential cuts in services. It was important to note that delivering a balanced budget was the legal responsibility of Council. There would be difficult decisions to be taken, but if funding was being reduced, there would be a need to reduce Council delivery accordingly.


·           Risk 8: Exeter Liveable Programme:  The greatest challenge facing the Exeter Development Fund, would be that each public body would have its own requirements for protecting publically owned assets, and it was not a good use of limited resources to make an assessment on every potential asset. Consideration of the Fund would be critical to enable the Council to make the necessary decision as to whether it was in the best interests of the taxpayer to participate. A full options appraisal, as with any potential disposal would review any potential income losses against the value of benefit available. There was a real opportunity to test the potential using Central Government funding, but any decisions would be presented to Council and be accompanied by a detailed analysis of the financial and non-financial impacts.


In relation to a Member’s comment on independent financial advice being sought by the Council on the likely performance of the Exeter Development Fund. A comparison of the income losses could be to financial or non-financial benefit and there may be occasions when an asset will be relinquished for other benefits and that is the very nature of a public body. Some of the Council’s work was not necessarily financial or profit driven. The outcome of the report was awaited with interest to understand whether independent advice to support the Council in respect of the Fund was required, and if indeed that advice was needed then that would be obtained.


The Director Finance noted a Member’s comment that the social value return to the people of Exeter should be considered and confirmed that benefits other than just a financial analysis, would be considered when weighing up any impact or potential loss.


The Audit and Governance Committee reviewed and noted the updated Corporate

Risk Register.


Supporting documents: