Agenda item

ARAC (03-21) Paper 5 – Corporate Risk

ARAC (03-21) Paper 5 – Annex A -  Summary Corporate Risk Register

ARAC (03-21) Paper 5 – Annex B – Corporate Risks plotted       

8.1 Dave introduced this item. He outlined the proposed removal of the risk around the Senedd Elections 2021 transition from the Commission’s Corporate Risk Register and the proposed reassessment of the Coronavirus risk by Executive Board.

8.2 Siwan provided an update on the ongoing assessment of risks around constitutional change and Senedd reform. She added that the risks would focus on the Commission’s response to political decisions which would begin to emerge as Senedd business got underway following the election.

8.3 Dave reminded the Committee that this was a summary report of the status of the risks and that the Directors and the Executive Board regularly reviewed more detailed reports. In response to a question around ownership, Dave also clarified that each corporate risk was owned by a lead Director with input from the relevant Heads of Service.

8.4 In relation to the risks around Standards of Conduct for Members of the Senedd, Ann Beynon asked whether there was merit in the Committee engaging with the new Standards Commissioner. The Chair noted that, as the Commissioner was an independent office holder, the focus for the Committee should be on reviewing the management of risks in relation to the support provided by the Commission. Siwan reminded the Committee that the focus of this risk had been on how Commission officials had supported the Senedd to maintain public confidence in the standards regime, including the revised Code of Conduct for Members of the Senedd and appointment of a new Standards Commissioner. She added that, as these were now both in place, the focus would shift to supporting the Standards of Conduct Committee, once established, to carry out a review of the complaints procedure.

8.5 Manon added that, in response to feedback during the induction of new Members, a briefing was being prepared to clarify the roles and remits of the Standards Commissioner and Remuneration Board. This would also include details of the Accounting Officer rules.

8.6 Suzy welcomed any clarity on the Commission’s duty to support the independent Remuneration Board.

8.7 In response to a question from Suzy around the budget and support for the Standards Commissioner, Siwan reminded the Committee that it was a statutory requirement for the Commission to provide resources to the Commissioner’s office. She explained that a Protocol was being drawn up with the new Commissioner based on the principle of a continued flexible approach, whereby Commission staff were seconded to their office.

8.8 In relation to the risk around Dignity and Respect for Commission staff, Suzy suggested some evaluation by internal audit on the effectiveness of training developed to provide staff with the confidence to challenge behaviour which officials agreed to consider.

8.9 In response to points raised by Aled in relation to political decisions around Senedd reform, Siwan provided assurance that the UK constitutional framework, including issues such as the reduction in the number of Welsh MPs, local government boundary changes, would be taken into account when assessing the risks to the Commission.

8.10       The Chair would be discussing the forthcoming review of the Commission’s Assurance Framework with officials in advance of the Committee’s July meeting, specifically around how the independent Remuneration Board fits alongside it and the Committee’s role in ensuring the processes to support it were effective.

8.11       The Chair would also hold discussions with Dave around re-structuring the updates it received on cyber security risks. In response to a specific query from Aled around the use of Mac computers, Dave provided assurance that changes to the way these connected to the network formed part of the measures to improve defences and ensure security of the network. 

8.12       The Chair thanked officials for the assurances provided on the points raised and was happy with the risk reports and risk management processes.