Agenda item - Strategic Risk Monitoring

Agenda item

Strategic Risk Monitoring

Minutes:

A report was submitted which presented revised strategic risk categorisations and risk management plans.

 

Internal Audit had recommended that the Authority reviewed the format of the strategic risk register to ensure there was clarity and evidence of movement in a risk and whether risks were controlled and managed or if further escalation may be required.

 

The Committee was informed that in response to the recommendations, the Management Board of the MCA had undertaken a review of its 13 strategic risk categories.  As a result, the strategic risk framework had been rationalised to cover five categories of risk.  These were:

 

1.         Strategic Focus

2.         Organisational Management

3.         Budgetary and Financial Management

4.         Programme Management

5.         Governance and Compliance Management

 

Against the new risk categories, the individual corporate risks were summarised into Strategic Risk Registers which were attached at Appendix A to the report.

 

Members were informed that each risk register was structured to provide:

 

·         A description of the risks, each individually scored for the likelihood and impact

·         A description of the potential consequences/impact if the risk materialised

·         A risk category cumulative score

·         A description of the mitigation strategies and controls

·         A mitigates risk category cumulative score

·         Control/mitigation weaknesses

·         Action Plan

·         Risk Owner

 

A summary of the actions for the coming year was attached at Appendix B to the report.

 

It was noted that the risk ratings shown in the risk registers are structured on a 4-point scale using a probability impact grid which was illustrated within the report.

 

It was suggested that in future the full risk registers were presented to the Committee twice annually but that, in between that, the Committee receive a monitoring report that covered and updated on Medium-High and High risks, identified any risk movements and charted progress against the cumulative action plan.

 

The Committee welcomed the revised strategic risk categorisations and risk management plans commenting that they provided greater clarity.

 

A Marshall suggested that it would be useful if the intermediate monitoring reports contained a heat map and Gantt chart to see where risks were moving and also to show any emerging risks that had been identified during the period.

 

R Adams confirmed that all Directors and Assistant Directors had been involved in the process and eight Risk Champions had been trained.  The next step would be to embed the process throughout the organisation.

 

Members noted that consideration was being given to using risk management software to enhance reporting.

 

Officers updated the Committee on risks around the public transport system, resources to run the organisation, the effects of Covid-19 and the integration of SYPTE into the MCA.

 

It was agreed that further details on the integration of the MCA and SYPTE would be brought to a future meeting of the Committee.

 

D Smith agreed to bring an report describing the different possible economic scenarios for the region post pandemic to the next meeting.

 

RESOLVED – That the Committee had considered and discussed:

 

i)          The revision of the MCA strategic risk categorisations.

 

ii)         The strategic risk definitions.

 

iii)        The established mitigating controls and the self-assessment of weaknesses in controls.

 

iv)        The annual action plan.

Supporting documents: