Agenda item

Risk Management Update

This report provides an oversight of the Council’s key service risks and the processes to facilitate the identification and management of those risks.


Mike Sloniowski, Risk Manager, presented the report that provided an oversight of the Council’s processes to identify and manage its significant corporate business risks. He acknowledged that recent months had seen a number of dramatic and tragic events – the Grenfell Tower Fire, terrorist attacks in London and Manchester, the NHS ransomware cyber-attack, and a snap-election – and noted that corporate risks were being reassessed as well as the Council’s business resilience and continuity arrangements in view of them.


Councillor Michael Adam noted that the Royal Borough of Kensington and Chelsea Council was, until last week, widely considered to be a well-run and efficient organisation but their response to a major civil emergency was clearly lacking. He asked what officers were doing to understand what went wrong in Kensington and check their processes against our own. Mike Sloniowski said they were looking at lessons learned and following recent events were looking to use new processes to ensure the Council had a dynamic and agile continuity response. David Hughes said the team would be look closely at emergency planning and business continuity arrangements in the event of major incident.


Councillor PJ Murphy noted that Hammersmith and Fulham Council was historically closely linked with RBKC through the shared services arrangements and asked if our response to a similar incident would have been different. Mike Sloniowski said that Hammersmith and Fulham had a sovereign emergency planning and business continuity function, with its own response plan and the Emergency Planning Service would be assessing the lessons from Kensington and Chelsea’s response.


Councillor Vivienne Lukey noted that she was working for Westminster City Council at the time of the 7/7 bombings and the legacy of that event was a set of clear government guidelines on emergency response – but they didn’t seem to be used in relation to Grenfell. Mike Sloniowski said officers in the Council’s Emergency Services and Business Continuity Teams did look at the latest guidance from the Government as well as best practice from business and other local authorities.


Councillor Guy Vincent, referring to Appendix 1 on the exempt agenda, asked if a financial value could be determined for the risks presented. Mike Sloniowski said values could be attached to help articulate the severity of those risks – but advised that some departments were very risk-averse and some of those risks were likely to be moderated down. Training would be given to staff to help them more accurately assess the level of certain risks.


Councillor Nicholas Botterill, noted the high degree of risks associated with the new ICT service and asked if it was not achieving the desired outcomes. Mike Sloniowski advised that at the start of projects officers tended to mark risks as fairly high because there were so many unknowns – but he expected them to come down over time as the new team settled in.


Councillor Mark Loveday observed that the collapse of the Tri-Borough arrangements had been announced before these risks were collated but none of the Directors had identified it as an organisational risk. Mike Sloniowski said it was on the corporate risk register but he would follow up with Directors. Councillor Loveday felt the registers may not have been as thoroughly refreshed as they should have been and asked officers to look again at them. Councillor PJ Murphy said there should be a more generic risk about the failure of key suppliers in the register.

ACTIONS: Mike Sloniowski


Councillor Guy Vincent asked what the process was for challenging risks submitted by Directors. Mike Sloniowski said they should be reviewed and discussed within service management teams. He added that he would be going through service risk registers in depth with officers to get assurances they are up to date and of a high quality.


The Chair asked if all departments were now taking risk as seriously as they should. Mike Sloniowski said risk management was very much seen as a top priority for services.


Councillor Nicholas Botterill noted that the risks presented seemed to be reactive – they were all known quantities - but events like the Grenfell Tower fire showed that officers needed to look at where the gaps in their thinking could be. David Hughes said he would be reviewing the current risk identification process and report back to the committee about what improvements would be made to ensure all areas of risk were considered.


Councillor Vivienne Lukey said she hoped the Council would also be looking at how departments can work together and take a more strategic view. Kim Dero reassured the committee that since being appointed as Chief Executive she had taken a more hands-on approach to risk management – discussing risk and business continuity at regular senior leadership team meetings and holding service resilience team meetings. She said she would raise the issue of how often risks were refreshed with Directors and ensure there was robust challenge of the registers at senior management level.

ACTION: Kim Dero


Councillor Mark Loveday noted that a report on the risks of the disaggregation of shared services was expected but was not on the agenda. Officers said the report would be coming to the September meeting.


Councillor PJ Murphy asked if the Council needed to get in an external consultant to look at risk in the organisation from a new perspective. Kim Dero replied that the Council had recently hired David Hughes as the new Director for Audit, Fraud, Risk and Insurance and she was confident that he would bring fresh ideas and expertise to the organisation. Councillor Michael Adam said external advice on crisis communications could be very useful as it was an area the public sector was not generally very good at. Mike Sloniowski said he would take that away and evaluate that suggestion as part of the review of audit and risk processes and procedures.



That the Committee noted the report.

Supporting documents: