Issue - meetings
Report on Risk Management Governance (Mid-Year Update)
Meeting: 07/01/2026 - Finance, Audit and Risk Committee (Item 46)
46 RISK MANAGEMENT MID YEAR UPDATE 
PDF 273 KB
REPORT OF THE DIRECTOR – RESOURCES
A mid-year report on the Council’s Risk Management Governance for 2025/26, including proposed changes to the Risk Management Framework.
Additional documents:
- Appendix A - Risk Management Framework Policy Statement.docx, item 46
PDF 99 KB
- Appendix B - Updated Risk Management Framework Policy.docx, item 46
PDF 160 KB
- Appendix C - Updated Risk Management Framework Strategy.docx, item 46
PDF 320 KB
Decision:
RECOMMENDATION TO CABINET:
(1) That Finance, Audit and Risk Committee note and provide recommendations to Cabinet on this mid-year Risk Management Governance update.
(2) That Finance, Audit and Risk Committee comment on the proposed changes to the Risk Management Framework and recommend these changes for approval to Cabinet.
REASON FOR RECOMMENDATION: Cabinet has overall responsibility for ensuring the management of risk.
Minutes:
Audio recording – 1hour 10 minutes 43 seconds
The Director – Resources presented the report entitled ‘Risk Management Mid-Year Update’ and highlighted that:
· Minor changes to the Risk Management Framework were highlighted in paragraph 8.1.2.
· Risks during the first half of the year 2025/26, until September, were detailed in paragraphs 8.2.4 and 8.2.5.
· There was potential for the Financial Stability risk to reduce, as would have a 3-year settlement and not forecasting significant savings needed.
· There remained high risks in relation to Local Government Reorganisation (LGR), Resourcing and Cyber risks.
· Completed and proposed mitigating actions for each of the Council Delivery Plan high-level risks were shown in paragraph 8.2.6. Although some risk scores did not change, there was ongoing work to address these.
· Risk reviews mainly happened on time, or within the parameters of acceptable, as outlined in section 8.3.
· Items that have been added to or removed from the risk register were outlined in section 8.4.
· The Health and Safety Officer retired in September and to mitigate risk in that area Herts County Council were providing some of the professional work and administrative tasks had generally been reallocated.
· Review of the actions form the previous report and the progress in 2025/26 was outlined in section 12.
The following Members asked questions:
· Independent Member John Cannon
· Councillor Paul Ward
· Councillor Ruth Brown
In response to questions, the Director – Resources stated that:
· At the time of producing the report for the agenda, it was too early to consider reducing the risk around Financial Stability. However, this could be addressed and considered in future reviews, as the situation became clearer.
· The Council Delivery Plan included the Corporate Risks, and this was presented, as required, to the Overview and Scrutiny Committee.
· The Local Plan Review had gone from a risk score of 5 to a 7, which was likely due to awaiting a government clarity on the process.
· The Cyber Security risk training did not happen due to sickness and was planned to happen as soon as possible. This session would cover the plan for a cyber-attack, and which services were required to be addressed as priority.
· Business Continuity Plans existed in all service areas and were reviewed annually.
Councillor Stewart Willoughby proposed and Councillor Paul Ward seconded and, following a vote, it was:
(1) That Finance, Audit and Risk Committee note and provide recommendations to Cabinet on this mid-year Risk Management Governance update.
(2) That Finance, Audit and Risk Committee comment on the proposed changes to the Risk Management Framework and recommend these changes for approval to Cabinet.
RESON FOR RECOMMENDATION: Cabinet has overall responsibility for ensuring the management of risk.