Agenda item

This report presents the revised collaboration risk register, as proposed by the Joint Governance Committee’s (the Committee’s) Task & finish Group, for its approval and six-monthly review by the Committee.

Recommendation to Committee

2.1       That the Committee approves the revised register suggested by the Task & Finish Group and officers and agrees any further changes.

2.2       That the Committee ask officers to prepare a heatmap for the 24 April 2024 Committee meeting. Showing changes in risks since this committee meeting.

2.3       It is recommended that a formalised process is adopted for Collaboration risk owners to provide updates on their respective risk mitigations. The recommended process being:

•        Collaboration risk owners should provide updates on their respective risk mitigations at a Joint Management Team (JMT) meeting at least three weeks before the next Committee meeting. The T&CP standing agenda item at JMT will be used to review the register and receive updates on the mitigations.

The Chair of the committee Councillor Paul Follows, thanked all the officers involved in the task group report, and for listening to the discussion and debates.  He also thanked all the members involved for their input.  The chair noted that the committee had before them the output from the group and the revised risk register. The chair welcomed any comments or feedback from the committee members.

Councillor Peter Martin addressed the committee and thanked members and officers for a very good piece of work and the excellent glossary of terms as it was very useful.  He raised a point regarding old risk no. 5 relating to the JMT resources which he noted was rated red.  Councillor Martin asked if the new risk no. 3 and parts of new risk no. 4 needed additional information regarding the JMT and staff resources not being apportioned fairly.

The chair confirmed that old risk no. 5 had been consolidated into new risk no. 3 which accounted for the resources of joint officers, which included the legal and financial aspects of the risk.  Councillor Martin sought further clarification on the location of old risk no 5 in the new risk register other than at a general level.  The chair explained that the current measures and the cost-sharing protocols were agreed upon and that there is a governance structure in place for setting out what is considered fair.  He advised that there were incidences where a 50/50 split was not a fair share (i.e. the Strategic Directo of Place).

The chair explained to the committee that going forward it would be the responsibility of the Joint Governance Committee to raise concerns when it did not believe things were fair, but such concerns should be supported with evidence and examples.  The chair noted that he was keen to avoid members saying things were not fair without any evidence.  The chair advised the committee that on occasion events could occur at either council that would shift the weighting and that was entirely reasonable.

Councillor Martin raised a query regarding old risk no. 8 regarding officer capacity during the transition, he noted that this was also previously rated red.  He felt that the closest risk in the new register was new risk no. 5, however, the new risk did not entirely capture the old risk and he felt that it had been downplayed.

The chair explained to the committee that where they had consolidated interrelated risks, the register now contained the top example of that risk and how it might impact the collaboration and the old risk no. 8 was very much incorporated.  The chair informed the committee that the old risk register contained too many duplications and overlapping risks, and only considered one aspect of the risk, whereas the new register considered the entire risk.

Councillor Martin raised a question regarding old risk no. 11, relating to the dominating priorities of one council, he noted that this was also rated red.  He explained that he was unsure of where the old risk no. 11 was considered in the new risk register.  The chair advised the committee that old risk no. 11 was considered within new risk no. 3, in that the collaboration would be legally and financially fair.  The chair repeated that on occasion events would occur at either council that would shift resources and that was entirely reasonable.  He noted that what would not be acceptable, would be for example, where one council's corporate strategy would dominate the other council's corporate strategy.

The chair noted that there were occasions of less obvious resource unbalance, i.e. because of being under-resourced, Waverley's Legal Services had been using resources from Guildford's Legal Services.  And equally, financial resources from Waverley had been used to help Guildford. The chair noted that only when it was considered unfair legally or financially the risk articulates that it would be a matter for discussion.  He felt that it was the mechanics of being able to raise such evidence-based concerns and how they are addressed.

Councillor Martin explained to the committee that he was concerned that the new risk register had little if any consideration for IT risks.  He noted that in the previous risk register, old risks no. 17 and no. 27 had both considered IT risks and were also rated red.  He believed that they had been incorporated into new risks no. 11 and no. 12 but were vaguely mentioned.  Councillor Martin stressed how important it was that IT risks were significantly covered, especially if there may be an intention to merge the IT systems.

Responding to the query the chair advised the committee that new risk no. 10 referred to 'Effective and efficient IT solutions cannot be afforded'. He agreed with Councillor Martin, that there was no risk regarding an attempted IT integration.  The chair invited Yasmine, Makin, Business Transformation Manager to address the committee.

Yasmine Makin advised the committee that an IT system integration failure was not in the wider collaboration risk register but would be included in all the risk registers for the different projects where IT systems could be impacted, and when looking at changes to IT systems it would be a major risk in those risk registers.  Yasmine Makin advised the committee that if it believed that an IT system integration failure was a threat to the wider collaboration then it would be something that could be added to the collaboration risk register.

The chair noted that it should be added to new risk no. 6 'There is a risk non-collaborative projects and programmes suffer due to collaborative work' as a potential risk outcome.  Councillor Martin reemphasised that IT systems were a major risk for the collaboration and that an indirect mention was inadequate, he felt that it needed a much more direct mention on the new risk register. The chair advised the committee that IT systems could not be considered as just one holistic package for the whole council, but instead, it is approached by each service area.

The chair explained that the service area level within the collaboration was where you would expect to see such IT risks expressed with a specific focus on that service area.  He did feel that there was scope to perhaps be more specific regarding the principal financial IT risks.  Yasmine Makin explained the process used by the transformation team to identify and categorise risks.  She explained that it would require understanding the risk outcome and mitigations, but she would be happy to include the risk if it was something the committee wanted.

The chair added that there would be a risk to savings and would be in line with new risk no.9.  He noted that what was not included was the risk of excessive costs of IT integration or if it caused a major service issue.  Councillor Martin suggested that under new risks no.11 or no. 12 under examples of risk, adding the IT integration risk.  The chair agreed to amend new risk no. 11 to articulate the IT integration risk.  Councillor Martin advised the committee that the old IT risks no.17 and no 27, were both rated red in the old register, however, in the new register risks no.11 and no. 12 were now rated amber.  Councillor Martin felt that this was not quite right and advised that he was concerned.

The chair noted that the threshold for the scoring was re-evaluated as part of the task group's work.  Yasmine Makin advised the committee that the risks were consolidated by the task group the newly agreed risk was rated amber.  She noted Councillor Martin's point and suggested conducting an exercise to review the previous risk before being consolidated and the difference in the new ratings to highlight and articulate the reason for any changes. She noted that with the suggested amendments to new risks no.11 and no.12, it would be a worthwhile exercise.  The chair also added that this was a new committee and the previous committee's risk appetite was different.

Councillor Merel Rehorst-Smith addressed the committee, she queried new risk no. 3, asking how the committee intended to define fair, i.e. a timeline, financial or would resources be paid back in lieu.  She queried the duration of shifting resources and how it might impact the other council.  The chair explained that the starting point for fairness began with the inter-authority agreement between both councils which defied how costs, services and resources were shared.  He added that if there was evidence to prove that things were deviating from the inter-authority agreement then it should be brought to the Joint Governance Committee and each council's Executive for discussion.

Councillor John Robini addressed the committee, he advised that he supported the suggestions for IT changes to the register but was concerned that the old risk ratings were red and a common threat through at least 5 risks all related to IT.  He referred to new risk no. 5 and thought it should be red and not amber.  The chair advised the committee that they were looking very carefully at the cases where IT integration was required and noted that it did not need to be integrated all at the same time.  The chair outlined the process of what a service area integrated IT systems project might look like and confirmed that each would have a business case put forward with options including the possible risks. 

Councillor Robini raised another concern regarding communications, he felt that the Waverley communications team had taken on a large amount of work, and he was unsure how they would manage this new workload.  Councillor Robini also felt that councillors were still not receiving enough communication regarding the collaboration and advised the committee that he would like to see the collaboration communication plan and the strategy for wider publicity.

The chair advised the committee that the collaboration did not currently have a communications plan, and there was a risk in terms of the communications team's general capacity.  He noted that the communications team had recruited additional resources.  The chair asked that an action be noted requesting a communication plan be developed for the collaboration.  He advised that it would be added to the agenda for the next meeting and the Communications Team would attend.

Ian Doyle addressed the committee, he advised that when discussing IT, it was often referred to as one broad issue, however, there were several issues to consider.  He advised that his main concerns were the costs and feasibility of combining systems service by service, as it limited the amount of financial savings and the effectiveness of the collaboration.  He advised that there were also some broader issues i.e. Zoom vs MS Teams.  The chair noted that there was a broader enabling layer to the collaboration affecting communication i.e. email, Zoom and MS Teams.  He noted that he was concerned as it impacted officers and members across both councils and should be tackled first.

Council Martin raised a query regarding the columns entitled residual likelihood, Residual impact, and residual rating.  The chair explained to the committee that with any risk there was only so much that you could do to mitigate that risk and whatever actions are taken to mitigate that risk there will always be some residual risk that will remain as you will not be able to completely eliminate it.  He added that sometimes the point of bringing the risk down to zero is too high and you accept the residual risk.

Yasmine Makin addressed the committee and confirmed the chair's explanation of residual ratings.  She advised that the most important thing was the difference between the overall current rating and the residual rating and if they did not match what mitigations were in place, which ones were current and which ones were planned; and if any further mitigations would be required.

Councillor Martin noted the response, and he accepted that it could be applied to new risk no. 7 but was less convinced that it applied to new risks no. 4 and no.9, which both had red residual ratings. The chair informed the committee that the current political framework made it impossible to plan from one year to the next. Councillor Martin raised a point on page 32, relating to the change in the impact scores and the financials.  He queried why only a short time ago devastating amounted to £500,000 and now it amounted to over £1,000,000. He felt that it was a big change and sought justification for the change.

The chair advised the committee that the previous methodology was outdated and £500,000 for each council was no longer devastating, he felt that a £1,000,000 would be more problematic.  Yasmin Makin advised the committee that the task group discussed the subject at some length, and it was agreed that the revised amount of £1,000,000 felt instinctively correct.  Councillor Martin queried individual risk per line and accumulated risks.  The chair confirmed that the risks were costed per line.  The chair and Councillor Martin discussed producing a cumulated average risk score for the entire risk register, providing a sum total of the risks.  The chair suggested that any such scoring should be produced as a narrative statement rather than a calculation.

Councillor Rehorst-Smith sought further clarification on how new risks would be quantified.  The chair advised that collaboration risks identified via each council's risk register should be brought through their Executive and then to the Joint Governance Committee.  Councillor Kiehl identified that there were no previous risks relating to new risk no. 4 and queried if that meant it was a new risk.  Yasmine Makin believed that it was a risk that had been separated and that she would check and confirm.  Councillor Kiehl thanked all the officers and members involved for their involvement in the task group and hard work in producing the revised register.

Resolved:

2.1       Agree the revised register suggested by the Task & Finish Group and officers and agreed on any further changes.

2.2       Asks officers to prepare a heatmap for the 24 April 2024 Committee meeting. Showing changes in risks since this committee meeting.

2.3       Agree that a formalised process is adopted for Collaboration risk owners to provide updates on their respective risk mitigations. The recommended process is as follows:

o          The Committee agreed that collaboration risk owners should provide updates on their respective risk mitigations at a Joint Management Team (JMT) meeting at least three weeks before the next Committee meeting. The T&CP standing agenda item at JMT will be used to review the register and receive updates on the mitigations.

2.4       Agree amendments to the new risk no. 11 to articulate the IT integration risk.

2.5       Agree to develop a Collaboration Communication Plan, which would be presented by members of the Communications team at the next G&W Joint Governance Committee meeting.