Issue - meetings
Strategic Risk Register, Risk Policy and Draft Risk and Opportunity Management Strategy and Guide
Meeting: 26/06/2025 - Audit and Governance Committee (Item 72)
Purpose:
This report presents the latest version of the Council’s Risk and Opportunity Management Strategy and the Council’s Risk Register.
Recommendation(s):
That the Audit and Governance Committee resolves to:
1. Approve the Risk and Opportunity Management Strategy attached at Annex A.
2. Note the updated Strategic Risk Register attached at Annex B.
Additional documents:
- Annex A, item 72
PDF 1003 KB
- Annex B Risk Register - WoDC June 2025, item 72
PDF 532 KB
- Webcast for Strategic Risk Register, Risk Policy and Draft Risk and Opportunity Management Strategy and Guide
Minutes:
The purpose of the item was to present the latest version of the Council’s Risk and Opportunity Management Strategy and the Council’s Risk Register.
Cheryl Sloan, Business Manager for Governance, Risk and Business Continuity, introduced the report and highlighted the following points:
- The Risk Policy advised how risk was managed and the responsibilities within the organisation.
- The Council’s current risk appetite was “Creative and Aware”.
- Changes that had been made to the document were listed in the appendix and reflected changes to how the organisation was structured post transfer of services in phase one and two from Publica.
- The Strategic Risk Register had seen no significant changes since the last presentation to the Committee.
- Three risks were noted as remaining red, those were: Financial stability of WODC; English Devolution White Paper/LGR; NPPF and 5-year land supply.
- Changes to the Strategic Risk Register were shown in red in the body of the text.
In the discussion the Committee noted:
- It would be useful to map out the risk items identified in the Strategic Risk Register in terms of the current risk appetite of the Council. It was noted that Officers were always trying to lower risk but that this could be difficult. There was often a difference in grading of the risk dependent on the certainty around it. Items moved to green when the risk was seen as having become more certain. The example of LGR was given. This was currently labelled as red, due to uncertainty and timescales, however as more certainty arose and decisions became clearer, then the risk would be lowered. It was also noted that some risks were outside of the control of the Council.
- A query was raised about whether the risk level for GDPR and Cyber-attacks was appropriate. It was explained that the IT team had assessed controls around this area and were satisfied. However, it was noted that during the recent cyber-attacks on other organisations this level had been temporarily raised. This reflected the continuous review of the risk levels.
- The APSE Litigation Claim had been included on the register as a potential risk as WODC was a member of APSE. This litigation claim was now closing, and the risk would be removed by the next Committee meeting.
- It was clarified that the risk appetite level was decided by the Council’s Senior Leadership Team.
- It was welcome that additional resources were now being found for housing refugees and asylum seekers, however it was discussed if consideration should be given to the risk around providing housing for students who were required to move and could face educational disruption.
- A query was raised around Members who used their own electronic devices and the subsequent susceptibility to cyber-attack. It was suggested that this query could be taken to the relevant team.
Councillor Carl Rylett proposed approving the recommendations as set out in the report. This proposal was seconded by Councillor Elizabeth Poskitt, was put to the vote and agreed by the Committee.
Resolved:
That the Audit and ... view the full minutes text for item 72