The Audit, Governance and Standards Committee of Kingston upon Thames Council met on Tuesday 2 September 2025 to discuss the council's strategic risks and governance arrangements. The committee was scheduled to review the updated corporate risk register and the Annual Governance Statement for 2024/25, including an action plan for 2025/26. The meeting was also open to the public, with a 15-minute period for residents to ask questions.

Annual Governance Statement

The committee was scheduled to consider the council's Annual Governance Statement (AGS) for the year 2024/25, prior to its formal sign-off by the Leader of the Council and the Chief Executive. The AGS is a requirement for local authorities, and is intended to be an honest self-assessment of the organisation's performance across all of its activities. It also includes a statement of actions being taken to address areas of concern or for improvement.

The report pack included the draft AGS 24-25 itself, which describes the council's responsibility for ensuring its business is conducted in accordance with the law and proper standards, and that public money is safeguarded and properly accounted for. It also sets out the purpose of the governance framework, which is made up of the systems and processes, culture, and values by which the council is directed, controlled, accounts to, engages with and leads Kingston's communities.

The AGS 24-25 also provided a summary of the key elements of the governance framework that were operating during the year under review, including:

• Council
• Strategic Committees
• Neighbourhood Committees
• Audit, Governance and Standards Committee
• Regulatory Committees
• Strategic Commissioning Board (SCB)
• Transformation Board
• Capital and Infrastructure Board
• Kingston Development and Investment Board
• Corporate Leadership Group (CLG)
• Directorate Management Teams (DMT)
• Managers
• Scrutiny Panel
• Kingston Partnership Board
• Kingston Health Overview Panel
• Kingston and Richmond Safeguarding Children Partnership
• Kingston Safeguarding Adults Board
• Corporate Performance and Risk Board
• Corporate Information Governance Group
• Strategic Leadership Team (SLT)
• Wider Leadership Team (WLT)
• Internal Audit
• External Audit
• Statutory Officers

The report pack also included an Annual Governance Statement Action Plan. The action plan included actions for completion relating to:

• Business continuity, ensuring that the organisation has reviewed its Business Continuity Plans to reflect both learning from the pandemic and a focus on response in the event of a cyber incident.
• Compliance with corporate policies and procedures, ensuring policies and procedures are up to date, accessible and fit for purpose.
• The council's 'Stronger Together' culture, and further embedding empowerment and enablement.

Corporate Risk Register

The committee was scheduled to receive a report on the council's strategic risks, together with mitigating actions being taken. The Corporate Risk Register lists the top strategic risks for the council, and is reviewed and updated on a quarterly basis by the Strategic Leadership Team.

The report pack included a copy of the Corporate Risk Register, which detailed the following risks:

1. Financial sustainability, with Sue Cuerden, Executive Director Corporate Services & Section 151 Officer, as the risk owner. The risk description stated that unsustainable and unfunded growth and increase in demand for statutory services, increase in cost - inflation, and a lack of resources could lead to budgets being inadequate, with in year significant forecast overspends, unsustainable increasing future years budget shortfalls, and a S114 notice[^1] might become unavoidable. [^1]: A Section 114 notice is a formal declaration that a local authority does not have the resources to meet its financial obligations.
2. Recruitment and retention, with Sue Cuerden, Executive Director Corporate Services & Section 151 Officer, as the risk owner. The risk description stated that a challenging recruitment market, both locally and nationally, which does not meet needs of services, leading to lack of people with required or specialist skills, applicant desire for higher salaries, turnover of staff, recent starters (<1 yr) leaving, and a lack of training, development and retention initiatives could lead to an insufficient number of staff to deliver service, levels of vacancy reaching critical levels, and overload on existing staff.
3. Civil contingencies for extreme weather events, with Tessa Cole, Interim Director of Transformation and Insight, as the risk owner. The risk description stated that a weather event occurs, such as heat, localised surface flooding or winds, uncoordinated or insufficient response from the council, and a lack of contingencies could lead to a failure to adequately coordinate high impact response, prolonged duration of event and wider community not supported, and resources made worse.
4. Changing regulatory requirements, with Louise Round, General Counsel & Monitoring Officer, as the risk owner. The risk description stated that changes to legislation/regulations lead to an increase in responsibilities - particularly statutory - placed on the council, and a lack of planning, appropriate lead in times or insufficient funding for new required activity could lead to a failure to adhere to policies and procedures and meet new regulations, a major increase in responsibilities leads to additional work and the need for additional resources, and insufficient funds to cover new responsibilities.
5. Social cohesion, with Louise Footner, Executive Director, Residents & Communities, as the risk owner. The risk description stated that radicalisation of individuals, an increase in conspiracy theories and disinformation, alongside unregulated technology such as artificial intelligence, political language/conversation (driving division), international conflicts being imported, and tensions under surface being ignited by either local or international event could lead to a fracturing of community cohesion and a particular event (local or international) sparks social unrest within the borough. The risk register noted that the likelihood score had been increased from 2 to 3 given current international and national activity and recent protests, especially regarding hotels hosting asylum seekers.
6. Death/serious harm to person within our care, with Sam Morrison, Executive Director for Adult Social Care & Health, & Ian Dodds, Executive Director for Children's Services, as the risk owner. The risk description stated that a failure to assess, plan and provide adequate support to safeguard a child, young person or vulnerable adult, a failure to complete statutory social work visits, direct work and reviews with a child, young person or vulnerable adult to listen to their living experiences and assess their safety and wellbeing, a failure to work in partnership with other statutory agencies to implement a clear, multi-agency approach to safeguarding, and a failure to monitor and assure the safety and quality of placements or supported accommodation and housing could lead to serious injury or death of a child, young person or vulnerable adult in the care of the local authority.
7. Business continuity/loss of key building - residential, with Matthew Essex, Executive Director, Place, as the risk owner. The risk description stated that an incident - e.g. fire/flood/emergency evacuation, poor maintenance and monitoring contribute to poor condition and susceptibility to incident, and poor and/or uncoordinated response leads to longer period of building loss could lead to a partial or total loss of key housing block - either short (days) or long-term (months or longer).
8. Business continuity/loss of key building - office, with Matthew Essex, Executive Director, Place, as the risk owner. The risk description stated that an incident - e.g. fire/flood/emergency evacuation of RBK building leading to medium to long term loss of access/availability could lead to loss of key office building, loss of systems - e.g. ASC, legacy systems housed on site, loss of IT infrastructure (data centre substation and generators in GH2 basement), and loss of equipment stored within buildings.
9. Artificial intelligence adoption, with Sue Cuerden, Executive Director Corporate Services & Section 151 Officer, as the risk owner. The risk description stated that the speed of technology change, ease of access to AI tools, a lack of understanding in the council on how AI works and what it could do, information Governance and Data Protection risk if personal data is shared with AI tools, a lack of oversight in use of AI in the council, and data quality is not good enough to train AI tools could lead to AI used inappropriately, a data Protection incident due to personal data being shared with inappropriate AI tools (eg. open Chat GPT), and poor data used to train AI tools.