CAIRNGORMS NATION­AL PARK AUTHORITY

Audit & Risk Com­mit­tee Paper 6 11/09/2020

Title: RISK MAN­AGE­MENT UPDATE

Pre­pared by: DAV­ID CAMER­ON, DIR­ECT­OR OF COR­POR­ATE SERVICES

Pur­pose

This paper presents an update on the Authority’s work on stra­tegic risk man­age­ment more spe­cif­ic risk man­age­ment approach dur­ing the imple­ment­a­tion of our cur­rent busi­ness con­tinu­ity plan approaches.

Recom­mend­a­tions

The Audit & Risk Com­mit­tee is asked to:

a) Con­sider wheth­er the Com­mit­tee wishes to make any com­ment on the cur­rent Stra­tegic Risk Register as presen­ted in Board papers under the item updat­ing on Cor­por­ate Plan and Risk Man­age­ment Deliv­ery; b) Con­sider the updated Busi­ness Con­tinu­ity Plan (BCP) Risk Register presen­ted at Annex 1 to this paper; c) Agree any amend­ments to the BCP risk man­age­ment approach and / or to the BCP risk register.

Exec­ut­ive Summary

Stra­tegic Risk Register

1. The Authority’s Stra­tegic Risk Register cov­er­ing the deliv­ery of the 2018 to 2022 Cor­por­ate Plan was adop­ted by the Audit & Risk Com­mit­tee at its meet­ing in May 2019 and sub­sequently by the Board at its June 2019 meet­ing. As agreed by the Board, the Stra­tegic Risk Register is reg­u­larly reviewed by seni­or man­age­ment, to con­sider the appro­pri­ate­ness of the cov­er­age of the risk register and to con­sider action being taken to man­age and mit­ig­ate risk.

2. Dur­ing this report­ing cycle, the stra­tegic risk register includ­ing updates to mit­ig­a­tion plans, action com­ment­ary and risk rat­ing has been presen­ted to the full Board along­side the Cor­por­ate Plan deliv­ery update reports. The stra­tegic risk register is not repeated for the Audit and Risk Com­mit­tee as mem­bers will have access to the papers through their Board papers. The risk register will be reviewed as part of the Board meet­ing of 11 Septem­ber. How­ever, Com­mit­tee mem­bers may wish to take the oppor­tun­ity to raise any com­ments on the stra­tegic risk register and wider stra­tegic risk man­age­ment approaches at the meeting.

Busi­ness Con­tinu­ity Risk Register

1. The Com­mit­tee con­sidered the risk register estab­lished to sup­port the Authority’s busi­ness con­tinu­ity plans (BCP) in react­ing to COVID19 at its meet­ing in June 2020. The update of the BCP risk register is presen­ted at Annex I to this paper. A num­ber of risk rat­ings have been revised as indic­ated by upward or down­ward arrows, with oth­er risks oth­er­wise assessed as remain­ing at the same level fol­low­ing mit­ig­a­tion action. A small num­ber of addi­tion­al risks have also been added (shown in red in the doc­u­ment). The risk register has also been revised to show the lead respons­ible officer iden­ti­fied for man­age­ment of each of the risks specified.

2. The Com­mit­tee is invited to review the update on the man­age­ment of the Authority’s BCP risk register, and to con­sider wheth­er any fur­ther updates or mit­ig­a­tion actions require to be incor­por­ated at this stage.

3. The Com­mit­tee is also invited to con­sider wheth­er there are any gaps in risk cov­er­age, in terms of any new stra­tegic risks poten­tially impact­ing on deliv­ery of our Cor­por­ate Plan objectives.

Dav­id Cameron 1 Septem­ber 2020 davidcameron@​cairngorms.​co.​uk