Audit Committee – 31 October 2025
Risk Management Process
|
Purpose |
For Decision |
|
Classification |
Public |
|
Executive Summary |
This report updates the Audit Committee on the council’s risk management processes, including the use of detailed service risk registers and a high-level principal risk register. |
|
Recommendations |
That Audit Committee note the contents of this report and provides feedback as necessary. |
|
Reasons for recommendation(s) |
To meet the requirements of the Council’s Risk Management Policy and to ensure that the Council complies with the corporate governance requirements relating to risk management. |
|
Ward(s) |
All |
|
Portfolio Holder(s) |
Councillor Jill Cleary – Leader / All |
|
Strategic Director(s) |
Alan Bethune – Strategic Director Corporate Resources and Transformation (Section 151 Officer) |
|
Officer Contact |
Paul Whittles Assistant Director - Finance 02380 285766
Karen Webber |
1. The Council approved the latest Risk Management Policy in February 2025. It sets out how New Forest District Council manages its risks in order to provide the right environment to operate within, whilst making the most of opportunities as they arise.
2. Risk management is integral to all policy and project planning and operational management throughout the Council and integrates with our corporate governance and performance management.
3. Audit Committee play an important role in overseeing the development and implementation of risk management policies within the Council.
Risk Management
4. All services maintain a service risk register. The aim is to identify the risks that may impact on the service achieving its objectives. Each risk is evaluated with regard to the likelihood of the risk occurring and the impact caused should the risk materialise. Using a risk matrix an overall risk score is determined. These scores allow comparisons to be easily made and helps risk owners prioritise resources to help mitigate them.
5. Additionally, whilst not mandatory, some projects maintain a specific programme risk log that informs the relevant service risk registers.
6. The service risk registers include:
a. Risk owner
b. Specific service risks
c. Likelihood/probability and impact scores providing the inherent risk score/rating
d. Mitigation actions
e. A revised likelihood/probability and impact scores with a mitigated risk score/rating
f. A flag, where appropriate, to indicate a service risk is also a principal risk
7. An example of a service risk register is provided at Appendix 1.
8. Whilst these are live documents and may be updated at any point, to ensure regular consideration is given and in line with the Council’s Business Planning Framework, they are all reviewed quarterly by service leads. An update of significant changes following this quarterly review is provided to the Council’s Executive Management Team (EMT).
9. Consequently, as part of the EMT review, consideration is given to which risks should be added to or removed from the Council’s Principal Risk Register as well as any amendments to the existing suite of principal risks.
10. The Principal Risk Register was introduced to focus on the most significant risks encountered by the Council. The risks are strategic, and their management will assist the Council achieve the priorities set out in the Corporate Plan.
11. The Principal Risk Registers include:
a. Risk title
b. Corporate Plan Theme
c. Risk Owner
d. Risk Rating (Inherent and Residual)
e. Risk Event
f. Overview and Mitigation comments
12. In line with the Council’s Business Planning Framework the Council’s Principal Risk Register is considered by Audit Committee every 6 months. Reporting all service risks for consideration by Audit Committee and Cabinet would be unmanageable, as there are over 30 service risk registers resulting in hundreds of risks being identified and managed.
13. The latest Principal Risk Register update was provided at the last committee meeting in June 2025, and a further update shall be presented at the January 2026 committee meeting.
14. The recommendations aim to improve the effective execution of all corporate plan priorities by presenting risk mitigation strategies that tackle the overarching vulnerabilities faced by the Council.
Options appraisal
15. An options appraisal is not applicable for this report.
Consultation undertaken
16. Consultation has been undertaken with Senior/Service Managers with responsibility for a Service Risk Register.
Financial and resource implications
17. There are none arising directly from this report, although strong risk management and a solid understanding of risk helps to support robust financial management.
Legal implications
18. If the legal principal risks are not managed this does bring risk to the council.
Environmental / Climate and nature implications
19. If the climate principal risks are not managed this does bring risk to the council.
Equalities implications
20. There are no direct equality implications from this report.
Crime and disorder implications
21. There are no direct crime and disorder implications from this report.
Data protection / Information governance / ICT implications
22. There are no direct data protection / information governance / ICT implications from this report.
|
Appendices: |
Background Papers: |
|
Appendix 1 – Waste and Transport Service Risk Register |
Audit Committee - 24 January 2025: Principal Risk and Risk Management Policy Update
Audit Committee - 27 June 2025: |