Decision details

Risk Management policy and strategy

Decision status: Recommendations Approved

Is Key decision?: No

Is subject to call in?: No


Rachel Ashley-Caunt, Chief Internal Auditor attended the meeting and presented the Risk Management Policy and Strategy for the Committee’s review. The Risk Management Policy and Strategy set out how the Council would manage risk - both in business as usual and in transformational activity. It also explained how risk was managed at each level of the organisation and how a hierarchy of risk registers (from the strategy risk register down to directorate and project risk registers) was used to communicate and escalate risks.


It was noted that since the original Risk Management Strategy was produced and approved in July 2021, the Council had sought to further develop its risk management framework and embed risk management within the organisation.  The draft Risk Management Policy and Strategy was intended to reflect the informed and developed risk management approach, with an emphasis on sources of assurance and developing further to align with recommended practice.


It was noted that following the progress made in this area, a new Risk Management Policy and Strategy had been drafted to reflect the updated approach and to seek to continue this development of the risk management framework and culture. 


Areas where the document provides further clarity include:


                  Details on how risks should be identified and recorded, at each level of the organisation;

                  Support on the application of the risk scoring methodology and tolerances;

                  Guidance on the importance of the ‘sources of assurance’ section of the risk register and how this should be used to inform high risk areas for internal audit coverage;

                  An outline of the roles and responsibilities of key officers, including in the escalation process between the different layers of risk register;

                  How the Council will seek to develop and embed risk management further, including the roll out of officer and Member training;

                  Reference to the development of fraud risk registers, the process for which will be detailed further in the Counter Fraud Strategy; and

                  Linking the approach to the Council’s values.



Following debate it was:


RESOLVED            That the Risk Management and Strategy be approved for adoption.

Publication date: 13/02/2024

Date of decision: 12/02/2024

Decided at meeting: 12/02/2024 - Audit and Governance Committee

Accompanying Documents: