Strategic Risk Update

Head of Audit and Risk Management


1.1       This report presents the updated Strategic Risk Register.


2.1       The Governance and Audit Committee to provide feedback for CMT on the Strategic Risk Register attached.


3.1       To ensure the Council has identified all its key risks so that these can be appropriately managed and mitigated.

4          Alternative Options Considered

4.1       There are no alternatives.


5.1       The Register was last reviewed by the Strategic Risk Management Group (SRMG) on 12th August and the Corporate Management Team (CMT) on 8th September 2021 and the following changes have been made following review:

·         To increase Risk 1 on finance in response to anticipated overspends and the need to identify savings for 2022/23 to secure a balanced budget;

·         To increase Risk 3 on adult social care where the unmitigated and current residual scores have both increased due to the impact of COVID 19 which has put pressure on adult social care providers and hence the supply chain;

·         To increase Risk 8 on data protection as the volume of sensitive data handled has increased, hence the opportunities and therefore the risks for breaches have also risen; and

·         To increase Risk 12 on children’s social care due to greater pressure in the supply of places available resulting in difficulties in finding suitable placements for children.

6.         Consultation and Other Considerations

Legal Advice

6.1       There are no specific legal implications arising from the recommendations in this Report.

Financial Advice

6.2       There are no financial implications arising from this report.


Other Consultation Responses

6.3       The register was reviewed by SRMG and CMT on 12th August and 8th September respectively.

Equalities Impact Assessment

6.4       Not applicable.

Strategic Risk Management Issues

6.5       A robust Strategic Risk Register that is a complete and up to date record of the significant corporate risks is essential for effective risk management, enabling the Council to prioritise resources to identify and implement actions to address the threats to the achievement of the Council’s objectives and make informed decisions.

Background Papers

Risk Management Strategy


Contact for further information

Sally Hendrick, Head of Audit and Risk Management - 01344 352092
















[Figure: strategic risk heat map. Likelihood scale: 5 Very High, 4 High, 3 Significant, 2 Low, 1 Almost Impossible. Impact scale: 5 Catastrophic, 4 Critical, 3 Major, 2 Marginal, 1 Negligible. Risks plotted: 1. Finance and economic; 2. Staffing; 3. Special education needs; 4. Adult social care supply chain and socio economic risks; 6. Safeguarding children and vulnerable adults; 7. Cyber; 7. IT Strategy; 8. Data protection; 9. Business continuity; 10. Control environment; 11. COVID; 12. Children’s social care.]







































Strategic Theme 1: Value for money

Risk 1: Significant pressures on the Council’s ability to balance its finances whilst maintaining satisfactory service standards

Risk Owner:  Executive Director: Resources

Risk Rating (Likelihood x Impact)

Unmitigated 5 x 5

Current Residual 3 x 4

Target Risk Score 2 x 4

Potential Impact

·   Strategic objectives and statutory duties not met


Rationale for current score:

Current risk score increased due to forecast overspend and early stages of 22/23 budgeting process where savings have still to be identified to secure a balanced budget.


Rationale for target risk score

Achieving a sustainable financial position is a core responsibility.


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     The approach to budget monitoring has been changed to reflect the level of unpredictability. Now identifying best and worst case scenarios and tracking use of the covid contingency.

·     Monthly returns are being provided to MHCLG, supporting the need for additional Government resources to be provided to cover the unprecedented additional costs arising from Covid-19 measures

·     Approved plans are in place to invest in projects that will both provide improved local facilities for residents and reduce costs / increase income to mitigate future spending pressures, e.g. Heathlands and the Property Joint Venture.  Regular updates on these projects are provided to CMT.

·     Preparations have started for the 22/23 budget with significant uncertainty at this stage around the level of resources available


Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities



Officer responsible

Target date

Specific focus in Covid-19 “recovery” work to identify opportunities to change systems and processes with lessons learned from working arrangements since March

Executive Director: Finance




Strategic Theme 1: Value for money

Strategic Theme 2: Economic resilience

Strategic Theme 3: Education and skills

Strategic Theme 4: Caring for residents and their families

Strategic Theme 5: A clean, green and responsibly sustainable place

Strategic Theme 6: Communities

Risk 2: Staffing pressures

Risk Owner: CMT

Risk Rating (Likelihood x Impact)

·   Unmitigated 5 x 4

·   Current Residual 3 x 4

·   Target Risk Score 3 x 3


Potential Impact

·   Increased financial pressures due to high reliance on locums and agency workers

·   Increased reliance on market premia and retention payments due to labour market pressures i.e. social workers and specialist posts

·   Potential for weakness in resilience in key areas as locums and agency workers can leave at shorter notice.

·   The loss of experienced permanent staff and replacement with less experienced agency personnel.


Rationale for current score:

Reduction in difficulties currently being experienced in recruiting to key technical posts due to pressures in the market and delays arising from COVID 19.


Rationale for target risk score

Staff are the key resource in delivering key services and providing support to front line services.


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     Management information on long term, high cost locums/ agency workers now being produced for peer review at CMT.

·     Retendered neutral agency vendor contract

·    New campaign out for OTs

·     Preparing an ongoing campaign for Children’s Social Workers to reduce the number of recruits that are currently coming through from agencies at an extra cost.

·     New mobile friendly job application form

·     Regional benchmarking of salary and benefits paid by other local authorities – part of recruitment project which will inform future recruitment and retention strategy

·     Small budget set aside to boost visibility and target applicants free of charge for specific adverts for traditionally hard to fill posts. 

·     Well-being initiatives and research activity underway that will diagnose support needed to staff

·     Current HR-OD redesign process is implementing instant win improvements to processes and systems for recruiting managers and potential applicants i.e. mobile application functionality

·     People – workforce board – meeting monthly to discuss, plan and optimise staffing budget across services

·      Exit interviews are undertaken with it being possible to request a full one. Hard to recruit areas are being targeted.

·      Market premia is being implemented where required plus, where applicable, consultants are being moved to employee status

·     Staff wellbeing surveys being undertaken on a quarterly basis in response to additional pressures from COVID

·     Managers Handbook developed and awaiting review before issuing


Further Mitigation (what more should we do to reduce risk to our risk appetite level)  and opportunities



Officer responsible

Target date

The move to use of permanent/fixed terms contracts as an alternative to locums and agency arrangements is progressing with 4 locum posts having already been or in the process of being converted to permanent posts.



Well being and employee experience will be a focus of the HR-OD offer currently being planned to contribute to retention of staff which will be a priority within the future Recruitment and Retention Strategy.

Assistant Director: HR and OD


HR-OD service restructure will refocus service offer and Talent Manager role will then plan and write business plan offer.



Assistant Director: HR and OD


Consideration of applying market premiums and other retention incentives within the other services where agency costs are increasing.


As necessary

Non-monetary offers need to be considered

Assistant Director: HR and OD


New Home Working Policy to be introduced which will relax requirements for location of employees facilitating recruitment from a wider pool of candidates



Working with the neutral agency vendor to review current arrangements and re-embed with managers the benefits of going through the agency vendor to reduce off contract spend.


Assistant Director: HR and OD

31 October 2021

Looking at ways to make the recruitment process more efficient for all parties by exploring/utilising aspects of the systems that we currently do not use.


Assistant Director: HR and OD





Strategic Theme 3: Education and skills

Risk 3: Council unable to ensure children with special education needs receive timely and appropriate support for their education due to the rate at which demand is increasing and insufficient internal resources to respond effectively.

Risk Owners: People DMT

Risk Rating (Likelihood x Impact)

Unmitigated 5 x 4

Current Residual 4 x 4

Target Risk Score 2 x 3

Potential Impact

·     Failure to meet demand for support to children with higher level education needs and their parents

·     Statutory duties not met due to pressure on services

·     Increased budget pressures owing to market inability to meet demand and competition driving up places


Rationale for current score:

Steep increase in children with an EHCP. Increased pressures on internal resources to deliver education psychology, undertaking the identification, assessment and monitoring of provision for children that require an Education Health Care Plan (EHCP), parental guidance and dispute avoidance and resolution, exacerbated by high staff turnover. DfE funding does not cover increased cost of using the private, voluntary and independent sector to cover shortfall in internal resources.


Rationale for target risk score

Risk appetite is fairly low due to statutory responsibilities to safeguard and educate.


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     SEND Commissioning Strategy & Plan developed

·     High Needs Block project progressing: commissioning framework in development, realignment of budget, high levels of scrutiny

·     Restructure of SEN Team and changes in processes

·     Review and restructure of SEN Support Services

·     SEN Task and Finish Group

·     SEND Improvement Board set up with all stakeholders

·     Review of current Education Establishment sites and feasibility study to explore what additional provision can be developed within borough, which will reduce cost and provide more local places: Specialist Resource Provision x 8 have been developed to provide on school site specialist units

Further Mitigation (what more should we do to reduce risk to our risk appetite level)  and opportunities



Officer responsible

Target date

Lead commissioning officer to take forward the implementation priorities set out within the SEN Commissioning Plan and Action Plan

AD Commissioning


Increase resources to facilitate development and implementation of improved annual review processes and placement decisions

AD Education & Learning


Commitment to a cross-service governance panel of the delivery of the SEN commissioning plan that also includes partners from Health.

AD Education & Learning


Making available commissioning support and consistency in procuring and maintaining SEND provision through appropriate resources and additional capacity.

AD Commissioning




Strategic Theme 4: Caring for residents and their families

Risk 4: Council unable to sustain delivery of services to support adult social care needs due to  uncertainty of changes in demand arising from socio-economic factors and insufficient external provision for adult social care.

Risk Owners: Executive Director: People

Risk Rating (Likelihood x Impact)

Unmitigated 5 x 4

Current Residual 4 x 4

Target Risk Score 3 x 3

Potential Impact

·       Failure to meet demand.

·       Statutory duties not met.

·       Increased budget pressures

·       Needing to move people from one setting to another at short notice


Rationale for current score:

The unmitigated and current residual scores have both increased due to the impact of COVID 19 which has put pressure on adult social care providers and hence the supply chain.


Rationale for target risk score

With changes in the adult social care provider market, the Council will have to accept a higher level of risk.


Current RAG rating




Current Actions (What we are currently doing about the risk)

·            People Care Governance board in place to manage any strategic provider safeguarding and quality issues

·            Continuing rollout and development of contract monitoring toolkit and approach

·            East Berks Commissioners group developed during COVID is ensuring a collaborative approach to market management including a specific task and finish group reviewing capacity

·            East Berks COVID Care governance group meets weekly to support providers where there is an outbreak and support a co-ordinated response

·            Market Position Statement is currently in development

·            Development of Heathlands is progressing

·            Regular provider forums ensure we are kept up to speed with emerging issues

·            Use of the NHS capacity tracker to assess local supply

·            Risk and Issue log in place and reviewed across operations, safeguarding and commissioning 3 times a week that includes market capacity issues and risks

·            Care home resilience plans developed during pandemic. These were considered to be examples of exemplary practice by the Local Government Association and ADASS (the safeguarding adults network).

·            Linked into the national social care sector COVID Support Task Force which oversees implementation of the Government’s care home support package.

·            Financial support provided to social care providers  between April and July to meet costs and loss of income associated to Covid outbreak

·            Review of Adults Conversations Model, conversation 3, as part of transformation project

·            Assess purchasing intentions based on the current appraisal of the range of support.

·            Analysis prepared on the annual impact of demographic change as part of the council’s budget setting process

·            Reducing demand through prevention / reablement / review of existing care packages

·            Finance tracker reviewed monthly and intelligence used to address pressure points


Further Mitigation (what more should we do to reduce risk to our risk appetite level)  and opportunities



Officer responsible

Target date

Develop the Market Position Statement  with the Market

AD: Commissioning


Continue to work across East  Berks as a collaborative approach to manage market gaps and encourage strategic supplier management


Executive Director: People


The Council is currently reviewing the domiciliary care market and reviewing the CBS framework, which had the effect of reducing the supply available in the borough

AD: Commissioning


Place Summit, which will contribute towards a contemporary understanding of our local problem profile


Executive Director: People


Review of Better Care Fund to identify areas of service improvement


Executive Director: People


Covid 19 may have altered the profile of Older People and their subsequent long-term needs.  Further national work would be required before we can do any modelling on this.


Executive Director: People




Strategic Theme 4: Caring for residents and their families

Risk 5: The Council does not identify and discharge all its responsibilities for safeguarding children and vulnerable adults


Risk Owner: Executive Director: People

Risk Rating (Likelihood x Impact)

Unmitigated:  5 x 5

Current residual:   2 x 4

Target Risk Score 2 x 3

Potential Impact

·   Death or serious injury

·   Prosecution

·   Detrimental impact on council reputation

·   Censure by inspection

·   Public dissatisfaction

·   Relationship with partners impaired


Rationale for current score:

Active controls in place to mitigate risk.


Rationale for target risk score

Increased in Qtr 2 as the Government’s guidance had been that the full suite of safeguarding measures could not be delivered due to COVID-19.



Current RAG rating


Current Actions (What we are currently doing about the risk)

·   Continue to roll out safeguarding awareness programmes for all internal staff and stakeholders

·   Adherence to the pan-Berkshire safeguarding children procedures

·   Training provided for all staff as identified in induction and through appraisal process

·   All staff have regular supervision as per the council’s policy

·   Ensure that the audit programme for children’s social care is adhered to

·   Supervision and appraisal policy in place and applied including review of PDP

·   Embedding of Family Safeguarding Model of practice to ensure strong evidence-based practice with highly skilled and trained workers

·   Opportunity for greater collaboration with local stakeholders through the People Safeguarding Board covering Adults and Children is being implemented

·   Ensure that people are fully involved with the safeguarding process

·   Promote positive risk management by ensuring people are supported to identify risks associated with those actions and have risk management plans in place

·   Multi-agency risk framework now in place

·   Make Safeguarding Personal as per the Care Act 2014 in place

·   Dedicated work on contextual safeguarding

·   Identification and delivery of relevant training and development for staff

·   Regular audits of practice including case audits and supervision files

·   Regular monitoring of data and information

·   Annual reporting to DMT, Executive Director for People, Chief Executive and Safeguarding Board

·   CSE and missing focused work

·   Work of the Safeguarding Board in prevention / communication

·   Review of school related policy documents where there is a potential risk of harm, e.g. administration of medicine and review of training

·   Highlight headteacher and governor responsibilities

·   School visits / activity logs / systems

·   Ensuring staff are kept up to date with training and developments in practice, within a partnership environment


Further Mitigation (what more should we do to reduce risk to our risk appetite level)  and opportunities



Officer responsible

Target date

·   Mechanism for reporting and learning from serious and untoward incidents being developed

AD: Commissioning


·   Review of current policy portfolio

Executive Director: People


·   Ensure learning from ministerial serious case reviews is a rolling programme

People DMT


·   Embed new policy mechanism for reporting and learning from serious and untoward incidents.

People DMT



·   Place Summit, which will contribute towards a contemporary understanding of our local problem profile

Executive Director: People

Ongoing ?

·   Reorganisation of our safeguarding and QA teams, establishing effective leadership structures with the aim of instilling a culture of greater rigour and continuous improvement

AD: Commissioning


·   Recruit to 3 permanent Head of Service roles in the coming months and we have appointed a full-time Principal Social Worker who will be transitioning into the role.



·   Implementation of Tri-X policy portfolio for adults and children’s services



AD: Commissioning



Strategic Theme 1: Value for money

Strategic Theme 2: Economic resilience

Strategic Theme 3: Education and skills

Strategic Theme 4: Caring for residents and their families

Strategic Theme 5: A clean, green and responsibly sustainable place

Strategic Theme 6: Communities

Risk 6: IT Strategy and digital infrastructure fails to meet the needs of the organisation.

Risk Owners: Executive Director Delivery

Risk Rating (Likelihood x Impact)

Unmitigated 4 x 5

Current Residual  2 x 3

Target Risk Score 2 x 3

Potential Impact

Disruption to services. Failure to meet statutory duties.



Rationale for current score:

Actions have been identified and are being implemented to address weaknesses identified in technical infrastructure and systems that are not fit for purpose. There is now a clear strategy plus an assessment has been undertaken.


Rationale for target risk score

Appetite is low due to dependency on IT for delivery of all services


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     Improvement programme being implemented and updates being provided and being monitored at CMT on a regular basis

·     New Digital and ICT Strategy for 2021 to 2021 has now been approved

·     Networking Strategy developed for approval

·     Remedial work to fix infrastructure issues continuing.

·     Cloud migration strategy underway

·     Phase four of Office 365 programme being scoped, to ensure we maximise the return on our investment in the Enterprise Licensing


Further Mitigation (what more should we do to reduce risk to our risk appetite level)  and opportunities



Officer responsible

Target date





Strategic Theme 1: Value for money

Strategic Theme 2: Economic resilience

Strategic Theme 3: Education and skills

Strategic Theme 4: Caring for residents and their families

Strategic Theme 5: A clean, green and responsibly sustainable place

Strategic Theme 6: Communities

Risk 7: IT controls or staff vulnerabilities fail to prevent a cyber attack and/or unable to respond effectively to an attack to enable IT services to be sustained.

Risk Owners: Executive Director Delivery

Risk Rating (Likelihood x Impact)

Unmitigated 5 x 5

Current Residual 3 x 4

Target Risk Score 2 x 2

Potential Impact

·     Disruption to services.

·     Failure to meet statutory duties.

·     Reputational damage.

·     Financial loss


Rationale for current score:

The inherent likelihood of cyber-attacks against local authorities has risen with more sustained and intense attacks.  The current likelihood of the risk materialising has hence increased.

The impact of an attack is mitigated by improving cyber security controls in IT, and Disaster Recovery and Business Continuity arrangements. An external review of cyber risk controls is currently ongoing which will identify if this risk can now be reduced.


Rationale for target risk score

Appetite is low due to dependency on IT for delivery of all services.


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     Cyber Security policies all re-written and published on the intranet

·     Microsoft SCP ATP II Licensing acquired for advanced security on Office 365 - Outlook, Office, SharePoint and Teams as well as security and compliance on all Council data.

·     Windows Defender ATP deployed for the best in class anti-virus protection for all laptops. 

·     MS Intune deployed for protection of smartphones

·     PSN compliant

·     Members of government early warning groups such as NCSC (National Cyber-Security Council) and SEGWARP (Warning, Advice and Reporting Point)

·      Mandatory Information security and GDPR training before access is given to systems

·     Disaster Recovery Plan and Action Plan for the systematic recovery of systems.

·     Disaster Recovery contract with a provider to get systems up and running and an Action Plan for the systematic recovery of systems

·     Cyber risks monitored through Delivery risk register

·     Risks of cyber attacks covered regularly in IT newsletter

·     NCSC Cyber Security training package undertaken by staff in IT and Digital Services

·     New VPN with Split Tunnelling has been implemented.  Microsoft Defender Advanced Threat Protection web filtering has been implemented.

·     External review of cyber controls is  underway. This will deliver recommendations on technical improvements, ICT staff development and organisation-wide staff training that will help to  improve our cyber resilience.

·      New VPN configuration reduces risk of successful cyber-attack.

·     Cyber training identified

·     New network strategy developed will enable greater resilience against cyber attacks

·     Cyber review undertaken and action plan is in development to address recommendations


Further Mitigation (what more should we do to reduce risk to our risk appetite level)  and opportunities



Officer responsible

Target date

Technical training for two staff in ICT has been completed. Two further staff have been enrolled on training. Cyber security e-learning has been made available to the whole organisation. Work is being taken forward to identify the most effective way to mitigate the risk of phishing, such as further training and developing anti-phishing policies. Consideration is to be given to whether carrying out simulation tests would be an effective way of raising awareness and vigilance to the threat of phishing.

Assistant Director: Customer Experience, Digital & IT


The new Networking Strategy will mean each component on the network performs independently as a security component, and this will be implemented over the next year.

Assistant Director: Customer Experience, Digital & IT


Deploying MS Azure B2B to enable secure collaborative working with partner organisations. A proposal to use Windows Virtual Desktop was considered at IT Steering Group on 11/8/20. This will facilitate secure working with partners and extend BYOD to include all hardware. Windows Virtual Desktop currently being tested by users.


Assistant Director: Customer Experience, Digital & IT


Cyber Essentials Certification project to be restarted following departure of the project manager.

Assistant Director: Customer Experience, Digital & IT


Sign-up to MS Sentinel for cyber attack management when servers begin moving to Azure.

Assistant Director: Customer Experience, Digital & IT


Exploring feasibility of procuring cyber insurance

Head of Audit and Risk Management

Assistant Director: Customer Experience, Digital & IT




Strategic Theme 1: Value for money

Strategic Theme 2: Economic resilience

Strategic Theme 3: Education and skills

Strategic Theme 4: Caring for residents and their families

Strategic Theme 5: A clean, green and responsibly sustainable place

Strategic Theme 6: Communities

Risk 8: Council unable to comply with data protection/security requirements to secure data resulting in inappropriate disclosure, loss or theft of sensitive data.

Risk Owners: Executive Director Delivery

Risk Rating (Likelihood x Impact)

Unmitigated 3 x 4

Current Residual 3 x 3

Target Risk Score 2 x 3

Potential Impact

Fines/penalties. Disruption to services. Failure to meet statutory duties. Removal of access to external databases and systems e.g. DWP


Rationale for current score:

The ICO follow up inspection of 2021 has been completed with no further comment on the compliance landscape. However, as the volume of sensitive data handled has increased, the opportunities and therefore the risks for breaches have also risen. This risk profile therefore has changed due to increase in quantum rather than lack of effectiveness of control.

Rationale for target risk score

In addition to the financial risk, financial penalties are now very high and will be increasing further hence the Council will seek to minimise the risk of these being incurred.

Current RAG rating


Current Actions (What we are currently doing about the risk)

·      Annual GDPR online training for all staff (95% target achieved for 2021/22)

·      The Information Management Group with new terms of reference and new membership is meeting regularly to review action plans, corporate lessons learnt and performance data

·      DPO / SIRO monitoring information security breaches for trends and systemic failures. Working with Information Management Group and reporting to CMT to report issues and roll out process changes.

·      Monitoring of Subject Access Requests is now a standard agenda item for the Information Management Group and Corporate Management Team.

·      Information Governance Leads have been identified and trained. Internal review has been completed and changes made following first year of operation.

·      The Information Asset Register is now complete and CMT have agreed how this will be maintained going forward

·      CMT have agreed how the Information Asset Register will fit into EDRMS which will provide the retention and destruction framework.

·      All teams have now migrated their data into the EDRMS (SharePoint) file structures so that all held data now has markers for sensitive data and has a retention schedule attached to it.

·      Security of data in personal folders has been increased by moving these to the cloud based One Drive with onward programme to see this in EDRMS.

·      Audit by the Information Commissioner’s Office complete with no further comments. Action plan and process of continuous improvement now embedded in practice.

Further Mitigation (what more should we do to reduce risk to our risk appetite level)  and opportunities


Officer responsible

Target date

The DPO role has transferred from the Legal service to the IT service, allowing greater links between the technology and the business process. The new DPO will be introducing automation to some of the compliance processes, reducing the number of staff handling each request. This in turn reduces the risk of a breach

Executive Director: Delivery


CMT has agreed to deploy the new National Graduate Trainees for their first placement in IG. This will give needed capacity to the organisation to complete a full stock take of DIPA and ensure that these are current and up to date

Executive Director: Delivery


Progress on the action plan arising out of the ICO inspection to be monitored by the Information Management Group.

Executive Director: Delivery


Review of the work of the IG divisional leads to complete lessons learnt exercise and roll out further embedding of the role and role outcome

Executive Director: Delivery


Roll out guidance and training for Information Asset Owners (IAO), embedding corporate ownership and clear accountability

Executive Director: Delivery



Strategic Theme 1: Value for money

Strategic Theme 2: Economic resilience

Strategic Theme 3: Education and skills

Strategic Theme 4: Caring for residents and their families

Strategic Theme 5: A clean, green and responsibly sustainable place

Strategic Theme 6: Communities

Risk 9: The Council’s  Business Continuity Management (BCM) fails to effectively deal with potential threats and risks.

Risk Owners: Executive Director: Delivery

Risk Rating (Likelihood x Impact)

Unmitigated 4 x 5

Current Residual 3 x 4

Target Risk Score 2 x 3


Potential Impact

·     Lack of ability to respond in a coordinated manner during a Business Continuity event, particularly when affecting the whole Council over prolonged periods.

·     Enforcement action under the Civil Contingencies Act 2004.

·     Reputational damage.



Rationale for current score:

The risk remains significant because the improvement programme put in place is not completed as this has been overtaken by events with COVID-19 and planned actions have not yet been completed as originally intended. There will be a need to look at the new ways of working after recovery following COVID-19 as this may mean the new Business Continuity Plan that was due to be developed will be different to what was expected pre-Covid-19. There is also the potential impact of Brexit on service continuity e.g. the impact of the shortage of HGV drivers on delivery of necessary supplies.


Rationale for target score

The Council has agreed that, as a minimum, the level of improvement should take the Council to Low risk, if not best practice.


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     Following the external review an action plan is now in place to ensure all service and corporate business continuity plans covering essential and critical functions are in place and robust by 30 September 2021

·     Service Business Continuity Liaison Officers and Emergency Planning Liaison Officers have been identified to work with the Emergency Planning Unit

·     Business Impact Analysis Workshops and Drop-in Sessions have taken place.

·     Recovery Workshops have taken place.

·     A number of Service Plans are now in place and being reviewed.

·     The Service Plans which have not been completed are being targeted in order to complete the update of all plans by 15 September 2021.

·     From September 2021 the 3 year programme of exercising specific service plans and the corporate plans, along with the annual light touch revision and 3 yearly review of the plans, will be put in place.


Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities



Officer responsible

Target date

Developing strategic governance document for business continuity

Emergency Planning



All Service & Corporate Plans to be in place

All Services & Emergency Planning



Formal review programme in place

Emergency Planning



Service and/ or Corporate Exercises programme in place

Emergency Planning



Undertake corporate business continuity exercise

Emergency Planning & All services

March 2022



Strategic Theme 1: Value for money

Strategic Theme 2: Economic resilience

Strategic Theme 3: Education and skills

Strategic Theme 4: Caring for residents and their families

Strategic Theme 5: A clean, green and responsibly sustainable place

Strategic Theme 6: Communities

Risk 10: Weaknesses in the internal control environment.

Risk Owners: CMT/DMTs

Risk Rating (Likelihood x Impact)

Unmitigated 5 x 4

Current Residual 3 x 3

Target Risk Score 2 x 2

Potential Impact

Increased potential for financial loss, fraud and safeguarding issues. Reputational damage. External sanction.


Rationale for current score:

Risk reducing as action taken is improving the control environment but more time is needed to ensure this is embedded effectively.


Rationale for target risk score

Appetite is low, as ensuring that an effective control environment is in place is fundamental to ensuring the organisation’s objectives are met and is a statutory requirement under the Accounts and Audit Regulations.


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     Limited assurance audit reports monitored at DMTs.

·    Follow up audits of limited assurance areas being completed during 2020/21

·    Regular review of reporting to CMT on impact of audit deferrals and outcomes on 20/21 audit opinion

Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities



Officer responsible

Target date

Regular specific slots at CMT and DMTs on audit and governance







Strategic Theme 1: Value for money

Strategic Theme 2: Economic resilience

Strategic Theme 3: Education and skills

Strategic Theme 4: Caring for residents and their families

Strategic Theme 5: A clean, green and responsibly sustainable place

Strategic Theme 6: Communities

Risk 11: Council unable to deliver essential services and meet the needs of the community due to pressures from coronavirus on internal staff resources and external suppliers providing critical functions and increased demands for support arising from people and groups requiring support.

Risk Owners: CMT

Risk Rating (Likelihood x Impact)

Unmitigated 4 x 5

Current Residual 3 x 3

Target Risk Score 2 x 3

Potential Impact

·     Council unable to deliver statutory/ Covid functions effectively to all groups needing support

·     Reputational damage

·     Continued loss of income from income generating services

·     Staff isolation

·     Exposure to fraud, particularly in respect of administration of emergency Government financial support package

·     Council is not able to support the Test and Trace functions and effectively manage local outbreaks

·     Sustained increase in Hardship and welfare support requests

Rationale for current score:

The stable prevalence of Covid within the Borough is easing the strain on most council services, particularly in relation to Hospital Capacity/discharge, Social Care and Education. However, some services remain under additional pressure, and new Covid responsibilities are drawing resources away from some planned works and some business as usual, which impacts on staffing and is creating backlogs in small areas of the Council.

Rationale for target score

During a flu pandemic the Council has a key role to play in ensuring that its existing and new essential services to the community are maintained and adapted as well as assisting with Government support initiatives.


Current RAG rating


Current Actions (What we are currently doing about the risk)

·     Continuing to follow the advice of the Government and Public Health England

·     Coronavirus (COVID-19) CMT Gold Group meets once a week to consider the potential impacts on staff, service provision and the wider Bracknell Forest community and coordinate the Council’s response and recovery. Task and Finish Groups set up to feed into the CMT Gold meeting, and aid effective decision making

·      Public Health Team and covid-19 policy team monitoring central government guidance and best practice

·     All departments tasked with enacting their Business Continuity Plans where required and adapting them to address the risk of COVID-19 where appropriate

·     Service areas working with key suppliers ensuring that they have put appropriate business continuity arrangements in place to avoid/mitigate the risk of disruption to critical services

·     Identifying and working with vulnerable groups/ individuals who may need additional support during the pandemic response

·     Communication with staff now taking place via teams, email and phone with almost all staff continuing to work from home (although office space is now available), weekly CX update, and once weekly all member briefing

·     Communication with staff advising them on actions to take if they suspect they have symptoms, testing, self isolation and the methods of recording this, so we have an accurate workforce picture. Those going to the workplace need to undertake testing before doing so.

·     The council is planning and delivering internal communication and engagement to encourage staff vaccine take up and to home test

·     Financial reporting changed to enable identification of any Covid-19 related spend, so that the impact is properly recorded and future claims of financial support from Government can be substantiated

·     IT capacity is under continual review

·     Many face to face contacts are carried out remotely and measures for agreed face to face contact have been agreed at SLG including the appropriate PPE for the specific settings.

·     Monitoring and supporting Schools 

·     Staffing matters are being dealt with through an HR Grouping, with regular reporting of absence to CMT Gold


·     Community information pack delivered to all households

·     High-level community impact assessment complete and a Covid Resident’s Survey presented to the Executive. The community impact assessment was updated in June and a second Covid Resident’s Survey has now concluded.

·     Participation in the Local Resilience Forum (when required)

·     Detailed verification checks introduced around payment of business support grants

·     Changes to contractual arrangements to provide additional financial support to suppliers include standard anti-fraud clauses, mirroring those adopted by Government

·     Wokingham BC internal audit team commissioned to review our approach to administering the small business grants, recognising the need to ensure adequate, proportionate anti-fraud measures are being adopted

·     Outbreak Management Cell has developed a Local Outbreak Management Plan to respond to and manage local outbreaks; this has been signed off by the NHS and PHE

·     Work on recovery/renewal is underway both at a Bracknell Forest and Berkshire level

·     Local contact tracing continues to identify those individuals who have tested positive and not been contacted by NHS Test and Trace

·     Public Health dashboard provides close to real time information on cases and outbreaks

·     Working with Health on the vaccination rollout particularly helping with Comms messaging.

·     Community testing set up with access to tests for anyone working or living within Bracknell Forest (in Bracknell Town Centre)





Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities


Officer responsible

Target date

Monitor absences arising from suspected cases of coronavirus and divert staff to critical services where required



Regular communications with staff and the public as the situation develops via various media streams



Follow and adhere to any national guidance /instruction on Home working, isolation and other service delivery matters



Community hub response key area of activity to support vulnerable people and those self isolating



Staffing matters under constant review with requirements to work outside normal contracted hours and different roles, being considered through a re-assignment programme



Business and Suppliers support group working through business / financial related matters when required to do so



School Support being co-ordinated through the Local Authority – enabling consistency of message



Representation on the LRF (Response and Recovery) provided as required

AH /Emergency Planning


Maintain vigilance for potential fraud risk as a result of changes to processes to enable quick transactions and payments to suppliers and emergency support to individuals



Working on the basis of national predictions for Deaths, infection rates and recovery



PPE Cell to run and manage supplies of PPE for the Council and providers



Established Testing team to administer testing for covid-19



Established a methodology for Recovery Principles agreed by the Executive



Data collection on service and community impact being collected to review for trends and to contribute to recovery including resident Covid Impact Survey



Care Home Resilience Plan developed across the ICS area



Outbreak Management 7 day a week requirement. Resources identified.



Comms messages about Vaccinations continue to be provided through various media forms



Community Testing up and running with 1 venue in the Borough.













Strategic Theme 3: Education and skills

Risk 12: Children’s Social Care demand and supply challenges related to the market for services and associated financial pressures 

Risk Owner: Executive Director: People

Risk Rating (Likelihood x Impact)

Unmitigated 5 x 4

Current Residual 4 x 4

Target Risk Score 2 x 3

Potential Impact

·     Statutory responsibilities not met 

·     Significant budget overspends resulting from increased costs of external placements 

·      Harm to individual children who are not in suitably high quality placements 

·     Adverse effect on staff morale 

·     Adverse effect on external inspections / assessments 



Rationale for current score:

Risk is now higher due to greater pressure in the supply of places available resulting in difficulties in finding suitable placements for children.


Rationale for target risk score

Appetite low due to impact on financial planning 




Current RAG rating


Current Actions (What we are currently doing about the risk)

·     Transformation programme focusing on developing in-house foster service 

·     Regular performance monitoring and reporting to DMT, Children’s SMT and Transformation Board 

·     Access to resource team in place to source best possible placements at cost and quality when in-house not available 

·      Strong partnership relationships 

·     Regular reporting to the Safeguarding Board and DMT 

·     Additional resources allocated in response to the increase in demand

·     Transformation under Family Safeguarding Model has provided additional staff in two of the family safeguarding teams – aiming to reduce number of children who become looked after 

·     Monitoring the data to assess for impact of Covid 

·     Frameworks in place with South East local authorities for residential care, independent foster care and semi-independent accommodation seeking to influence market cost and quality 

·     Access to Resources Team in place to secure VFM from placements 


Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities



Officer responsible



Marketing strategy to recruit additional foster carers to support children with higher needs 



Joint Working between council and wider partners including new HWB strategy 




Sustainability of funding for FSM  




New sufficiency strategy for children’s placements under development 





Placements workstream within council looking to optimise process and secure best placements at best cost 
















5  Very High

4  High

3  Significant

2  Low

1  Almost Impossible









































5 Catastrophic

4 Critical

3 Major

2 Marginal

1 Negligible


























Almost Impossible: Rare (0-5%). The risk will materialise only in exceptional circumstances.

Low: Unlikely (5-25%). This risk will probably not materialise.

Significant: Possible (25-75%). This risk might materialise at some time

High: Likely (75-95%). This risk will probably materialise at least once.

Very High: Almost certain (>95%). This risk will materialise in most circumstances.















Disruption to established routines/operational delivery

No interruption to service. Minor industrial disruption.

Some disruption manageable by altered operational routine.

Disruption to a number of operational areas within a location and possible flow to other locations.

All operational areas of a location compromised. Other locations may be affected.

Total system dysfunction. Total shutdown of operations.

Damage to reputation

Minor adverse publicity in local media.

Significant adverse publicity in local media.

Significant adverse publicity in national media.

Significant adverse publicity in national media. Senior management and/or elected Member dissatisfaction.

Senior management and/or elected Member resignation/removal.


Could have a major impact on one departmental objective but no impact on a Council Medium Term Objective

Could have a major impact on one or more departmental objectives but no impact on a Council Medium Term Objective

Could have a major impact on a Department's objective with some impact on a Council Medium Term Objective

Could severely impact the delivery of a Council Medium Term Objective

Council would not be able to meet multiple Medium Term Objectives.



Non notifiable or reportable incident.

Localised incident. No effect on operations.

Localised incident. Significant effect on operations.

Significant incident involving multiple locations.

Extreme incident seriously affecting continuity of operations.

Financial (Council as a whole/single dept.)

<1% of monthly budget

>2% of monthly budget

<5% of monthly budget

<10% of monthly budget

<15% of monthly budget

General environmental and social impacts

No lasting detrimental effect on the environment i.e. noise, fumes, odour, dust emissions, etc. of short term duration

Short term detrimental effect on the environment or social impact i.e. significant discharge of pollutants in local neighbourhood.

Serious local discharge of pollutants or source of community annoyance in general neighbourhood that will require remedial attention.

Long term environmental or social impact e.g. chronic and significant discharge of pollutants.

Extensive detrimental long term impacts on the environment and community e.g. catastrophic and/or extensive discharge of persistent hazardous pollutants.

Corporate management

Localised staff and management dissatisfaction.

Broader staff and management dissatisfaction.

Senior management and/or elected Member dissatisfaction. Likelihood of legal action.

Senior management and/or elected Member dissatisfaction. Legal action.

Senior management and/or elected Member resignation/removal.

Operational management

Staff and line management dissatisfaction with part of a local service area.

Dissatisfaction disrupts service.

Significant disruption to services.


Resignation/removal of local management.

Workplace health and safety

Incident which does not result in lost time.

Injury not resulting in lost time.

Injury resulting in lost time. Compensatable injury.

Serious injury/stress resulting in hospitalisation.

Fatality (not natural causes)


Minor breach resulting in small fines and minor disruption for a short period

Regulatory breach resulting in small fines and short term disruption for a short period

Major regulatory breach resulting in major fines and short term disruption for a short period

Severe regulatory breach resulting in severe fines and disruption for an extended period

Very severe regulatory impact that threatens the strategic objectives of the Council