Audit Committee – 13 February 2026
Principal Risk Register Review
|
Purpose |
For Review |
|
Classification |
Public |
|
Executive Summary |
This report updates the Audit Committee on the position of the Council’s Principal Risk Register. The main updates are as follows: · All service risk registers have been reviewed to inform any proposed changes to the Principal Risk Register. · All principal risks have been reviewed in depth by EMT. · Updates to a number of ratings, overviews and mitigation comments have been made to the Principal Risk Register. These have been highlighted in blue text in appendix 1. · It is proposed to remove the Principal Risk for the Transformation Programme and include a new Principal Risk for Political Environment. · It is proposed to remove the Principal Risk relating to social housing regulatory compliance as the risk is deemed to be low (risk will continue to be maintained and monitored at service risk register level). · It is proposed to include the Principal Risk relating to recruitment and retention of staff within the Principal Risk relating to Local Government Reorganisation · The Principal Risk for Local Government Reorganisation has evolved to encompass a broader remit, dealing with three core areas: capacity, finances and staff. · It is proposed to add a new Principal Risk for the Health and Wellbeing of tenants in temporary accommodation. This risk as already included on the service risk register however it is felt this should be escalated to a Principal Risk. |
|
Recommendations |
It is recommended that Audit Committee give feedback on: 1) the updated Principal Risk Register included in Appendix 1 for onward consideration by the Cabinet; and 2) the proposed Cabinet recommendation as follows: a) Consider the Principal Risk Register updates and recommend adoption by Council. |
|
Reasons for recommendation(s) |
To meet the requirements of the Council’s Risk Management Policy and to ensure that the Council complies with the corporate governance requirements relating to risk management. |
|
Ward(s) |
All |
|
Portfolio Holder(s) |
Councillor Jill Cleary – Leader / All |
|
Strategic Director(s) |
Alan Bethune – Strategic Director Corporate Resources (Section 151 Officer) and;
Paul Whittles – Assistant Director - Finance |
|
Officer Contact |
Karen Webber |
Background
1. Risk management aims to identify the risks that may impact on the Council achieving its objectives. Its purpose is to evaluate, design and implement effective measures to reduce both the likelihood and potential impact of these risks occurring.
2. The Council has a statutory responsibility to have in place arrangements for managing risks under the Accounts and Audit Regulations, which require a sound system of internal control, facilitates the effective exercise of the Council’s functions and includes arrangements for the management of risk. As such it features strongly in the Council’s Local Code of Practice for Corporate Governance and is one of the primary assurance strands in the Annual Governance Statement, which places significant reliance on a robust risk management framework.
3. The Council’s Risk Management Policy was approved by Audit Committee in January 2025. It provides a structured framework to ensure risks and opportunities are reviewed across all Services, Portfolios and Corporately, in a consistent way.
4. The Council’s Principal Risk Register is an important element of this framework and is reviewed and updated every 6 months.
5. In January 2025, the Principal Risk Register was reshaped to focus on the most significant risks encountered by the Council. The risks are strategic and will assist further in the Council achieving the priorities set out in the Corporate Plan.
Principal Risk Review
7. All Principal Risks have been reviewed, and the relevant Service Managers have been consulted on proposed changes.
8. The amended Principal Risk Register can be found at Appendix 1, including changes following EMT reviews in October 2025 and January 2026. Additions to risk overview and mitigation comments are shown in blue, with deletions struck through. Amended scores are as follows:
a. PR4 Business Continuity: Residual risk reduced from 12 to 6
b. PR5 Health & Safety: Residual risk reduced from 6 to 4
c. PR16 Planning & regulatory system upgrade: Inherent Risk reduced from 16 to 9; Residual risk reduced from 12 to 6
d. PR17 Climate & Ecological Emergency: Inherent Risk reduced from 12 to 9; Residual risk reduced from 9 to 3
9. Furthermore, it is proposed to remove the current risk PR15 Transformation Programme given the current focused nature of this workstream in light of the continued and growing progression of LGR activity, and to insert a new risk – Political Environment (using the same PR15 reference).
10. This new Principal Risk is to reflect the need for NFDC to consider the impact on NFDC, including our ability to make decisions, by potential changes to the political landscape across the UK as a whole, incorporating the uncertainty regarding the timing and outcomes of elections at all levels.
11. It is also proposed to remove the current risk PR10 Social Housing Regulatory Compliance as a Principal Risk but retain and monitor at Service risk register level. A mock inspection was commissioned to appraise the service and although scope was controlled it provided good assurance along with some learning that is being applied, all governed by the inspection readiness group.
12. It is further proposed to remove the current risk PR19 Recruitment and Retention of Staff as a standalone and to incorporate into the overall Local Government Reorganisation risk PR9 as the risk directly relates to the uncertainty of LGR and devolution.
13. Risk PR9 Local Government Reorganisation has been broadened to articulate the current three main areas of risk presented by LGR of capacity, finance and staffing. This risk should be expected to continue to evolve and change regularly as the LGR process moves forward.
14. Risk PR20 Health and wellbeing of tenants in temporary accommodation has been added at the request of the Strategic Director Housing & Communities. This risk is already included on the service risk register however it is felt this should be escalated to feature as a principal risk.
Corporate plan priorities
15. The recommendations aim to improve the effective execution of all corporate plan priorities by presenting risk mitigation strategies that tackle the overarching vulnerabilities faced by the Council.
Options appraisal
16. An options appraisal is not applicable for this report.
Consultation undertaken
17. Consultation has been undertaken with Senior/Service Managers with responsibility for a Service Risk Register, particularly in areas where changes have been proposed.
Financial and resource implications
18. There are none arising directly from this report, although strong risk management and a solid understanding of risk supports robust financial management.
Legal implications
19. If the legal principal risks are not managed this does bring risk to the council.
Risk assessment
20. The risk management implications are set out within the content of this report.
Environmental / Climate and nature implications
21. If the climate principal risks are not managed this does bring risk to the council.
Equalities implications
22. There are no direct equality implications from this report.
Crime and disorder implications
23. There are no direct crime and disorder implications from this report.
Data protection / Information governance / ICT implications
24. There are no direct data protection / information governance / ICT implications from this report.
|
Appendices: |
Background Papers: |
|
Appendix 1 – Principal Risk Register (January 2026)
|
Audit Committee - 24 January 2025: Principal Risk and Risk Management Policy Update
Audit Committee - 27 June 2025: |