Agenda item

Report of the Director of Finance & Corporate Services (Treasurer) (AGC/24/2) attached.

The Committee received for information a report of the Director of Finance & Corporate Services (Treasurer) (AGC/24/2) that provided an update on the Corporate Risk Register. The Corporate Risk Register (CRR) captured and described the most significant risks, both internally and externally, facing the Devon & Somerset Fire & Rescue Service (“the Service”), with a focus on cross-cutting risks and major projects and was reported to the Committee on a bi-yearly basis.

The risk management process included the identification, assessment and recording of risks together with mitigating activities.  The Service’s Risk Manager advised that there were currently 12 risks entered on the Corporate Risk Register with 1 risk added and 5 de-escalated to local and thematic risk and no risks closed.  Of the 12 risks on the CRR currently, 5 were high risk and 7 were medium.  The five high risks on the CRR were:

·       CR044 - Cyber-attack causes sustained business systems outage, risk owner Shayne Scott (SIRO). Risk added September 2018. Risk remains indefinitely on register;

·       CR050 - Failure to agree actions to set a balance budget in future years. Risk owner Shayne Scott. This risk was added September 2018. Risk remained indefinitely on the register;

·       CR055 - (SSC003) Failure to thoroughly investigate and learn from safety events and take corrective action to prevent foreseeable reoccurrences. Risk owner Maria Phillips. This risk was added December 2019. Based on current progress it was anticipated that the risk should be de-escalated by 31 March 2024;

·       CR070 - Failure to operate an effective risk assessment process. Risk owner Maria Phillips. This risk was added March 2021. It was anticipated that this risk should be de-escalated 31 March 2024; and

·       CR079 - Inability to assure ourselves that the HFS data created, held and reported on is correct. Risk owner Gerald Taylor. This risk was added February 2022. It was anticipated that this risk should be de-escalated by the end of 2024.

The report set out details of the current position in respect of each of the 5 high risks together with information on how long each risk had been on the Register as requested by the Committee at its previous meeting.  Based on current progress, it was anticipated that both CR055 and CR070 (as above) should be de-escalated to the Health & Safety thematic risk register by 31 March 2024.  The Committee noted that the Executive Board monitored the position in respect of the CRR monthly and took decisions in respect of the closure, amendment or de-escalation of risks as set out within paragraph 3.1 and 3.2 of this report.

The Committee received assurance that appropriate controls were in place to protect the Service’s interests and to achieve its Strategic Objectives.

Reference was made to the point that response to incidents involving flooding for the Service did not attract any funding from Government since this was not a statutory duty under the Fire & Rescue Services Act 2004.  The Committee requested that the Authority consider this matter further with a view to pressing the Government for funding as appropriate to cover this work given the position with climate change and its acute financial pressures.