Wandsworth Council is set to undertake a comprehensive review of its risk management strategies, acknowledging the increasing challenges faced by local government. The decision was made during the Audit Committee meeting on Wednesday, 9 July 2025, where members discussed the annual review of risk management and the 2024/25 review of risks and risk controls by directors.

The council's current approach to risk management has remained largely unchanged during a period where the councils have had reasonable capacity and capability to deal with significant new or unforeseen challenges. However, in recent years, the challenges faced by local government, including Richmond and Wandsworth Councils, have increased at a time without similar growth in capacity and capability. The planned review aims to provide greater transparency over both service and strategic risks, especially following significant transformations in service delivery1.

Chart showing service risk returns with quantity plotted against risk score.
Chart showing service risk returns with quantity plotted against risk score.

Key strategic risks to be considered include strategic oversight, transformation, artificial intelligence and cyber security, and unpredictable increases in service demand with limited or reducing supply. The Audit Committee reviewed the Annual Review of Risk Management report, which highlighted the need for a more fundamental review of risk management processes.

Paul Gliotti, Director of Financial Services, explained that the review would engage with key stakeholders, including the chair of the Audit Committee, executive directors, and other relevant individuals, to ensure that risks are understood and integrated into their day-to-day working environment. He emphasised that risk management, whilst it sits primarily at the starting point from this committee, it's everyone's responsibility and therefore we need to evidence and demonstrate that it is being taken seriously and it's been used effectively. To ensure risk management is effectively integrated, the council will engage with key stakeholders to understand their needs and fully embed risk considerations into their daily operations.

Councillor Caddy, Deputy Leader of the Opposition, voiced her support for the review, offering to get involved, noting her years of experience on the committee. Councillor Hedges raised concerns about cyber awareness, referencing a ransomware incident at St. Helens Borough Council, and asked about participating in sector resilience networks. Gliotti responded that while he didn't know about that specific arrangement, cyber risk is a key issue. The council has implemented cyber awareness training, achieving a 95% completion rate among staff, and has a system in place for reporting suspicious emails. The council also engages with third parties for advice and support.

The council aims to have draft proposals for the risk management review ready for ratification in November, with workshops to follow, aiming for a new regime by 2026-27.

  1. The report pack noted that it was now appropriate to complete a more fundamental review of risk management, to provide further transparency over both service and strategic risks following significant transformation in how services are to be delivered.