Agenda item

(A report by John Medler, Assistant Director – Governance and Monitoring Officer)

The Committee received the Quarter 3 Risk Report for the 2025/26 financial year, presented by the Group Manager – Insights and Transformation, which provided an update on the Council’s strategic, partnership and fraud risks as at the end of December 2025, including current risk scores, mitigation activity and movements since the previous quarter.

Members were advised that the report followed the Council’s established risk management framework and continued to focus on areas of highest impact and likelihood. The Committee was reminded that risks were monitored at strategic, operational and partnership levels, with the Audit & Governance Committee providing oversight of the highest?level risks.

The Committee noted that several strategic risks remained above their target scores at Quarter 3, although mitigation activity was ongoing.

Reference was made to risks associated with environmental and legislative change, service delivery pressures and emerging technology. Members were advised that one risk relating to health and safety, which had been shown as red at Quarter 3, had since been mitigated through completed actions and would be reflected as reduced in the Quarter 4 report.

The Committee received clarification on how target risk scores were used within the framework, including the distinction between risks that were being treated and those that were tolerated due to their external nature or unavoidable impact. It was noted that some high?impact risks, such as those relating to budget and funding pressures, were inherently difficult to mitigate and were therefore subject to close monitoring rather than immediate reduction.

Members discussed the inclusion of risks associated with artificial intelligence and emerging digital tools. The Group Manager – Insights and Transformation explained that these risks reflected the rapid pace of technological change and the importance of ensuring appropriate governance, oversight and assurance arrangements were in place. It was confirmed that this area was subject to internal audit review and would continue to be developed as understanding matured.

The Committee also considered risks relating to digital connectivity and infrastructure resilience. Members raised concerns about disparities in connectivity across the borough and the potential impact on residents, particularly in rural areas. Officers advised that work was ongoing across relevant service areas to better understand data sources, risk ownership and mitigation options, and that further information would be fed into future risk reviews.

Discussion took place regarding partnership risks, including those associated with funding sustainability and staffing capacity. Members were advised that these risks reflected pressures across the wider partnership environment, particularly in the context of transformation activity and Local Government Reorganisation. It was noted that partnership risks were reviewed alongside Council?specific risks to ensure consistency and visibility.

Members queried the history and governance of certain risks, particularly where mitigation activity had previously been paused or delayed. The Group Manager – Insights and Transformation explained that the risk register served as a mechanism to ensure such issues were visible and escalated appropriately, and that the inclusion of risks within the register had facilitated renewed focus and resolution.

The Committee also considered fraud risks included within the report and noted that no significant changes had occurred during the quarter. Members were advised that a full review of fraud risks and controls would be undertaken as part of Quarter 4 reporting.

During discussion, Members queried the history of the risk relating to the Council’s server room, noting that mitigation activity had previously been paused. Officers advised that the project had been paused for a period due to political tensions within the partnership, but that work had since recommenced and the project was now complete, with the risk expected to be reduced in Quarter 4. Members expressed concern that political considerations should not delay the mitigation of strategic risks and requested further assurance on the governance arrangements supporting risk management decisions.

Overall, the Committee was satisfied that the risk report provided a clear and structured overview of the Council’s most significant risks and the actions being taken to manage them. Members emphasised the importance of maintaining transparency, consistency and appropriate challenge within the risk management process.

Resolved:

That the Quarter 3 Risk Report 2025/26 be noted.