Controls in place
These are some of the key activities that officers undertake to mitigate the risk. They do not constitute MVDC internal procedures and may be amended to reflect the assessed risk level.

There is a risk, due to the national economic climate, action taken in response to Local Government Reorganisation and the recent review of local government finance, that the Council is unable to balance its budget, without impacting significantly on service delivery and performance. The pressures that MVDC face are to a large extent shared by our contractors and neighbouring councils. This is in the context of a medium term future which may well include:

– A loss of government funding as a result of a review of local government finance (Fair funding review and Business rates retention reset).  The fair funding review outcome was announced in December 2025, for 2026/27 MVDC has an overall increase in Settlement Funding Assessment (SFA) of 3.47% as a result of transitional arrangements, however this will reduce by 4% in 2027/28 and a further 4% in 2028/29.

-Business rates income being below the Business Rates Baseline assessed by Government, meaning that the Council falls into the Business rates ‘Safety Net’.  This means that the Council is not collecting as much Business Rate income as the Government has assessed it should be able to collect and as a result the Council will loose income.  The Council can only reclaim 100% of the lost income in 2026/27 as a result of the Safety Net being set at 100%, for 2027/28 the Safety Net will be 97.5% and in 2028/29 and beyond it will be 92.5%.

-The re-organisation of councils in Surrey into two new Unitary Councils, MVDC needs to fund £539,000 of implementation costs associated with the reorganisation prior to vesting day.  The post-vesting day implementation costs of around £27million will need to be funded by the New East Surrey Council.

– Material costs of refurbishment of some Council assets

– Re-tendering/mobilisation of a number of Council services which were last re-let when market conditions were very favourable to the Council

-Additional costs of recycling processing as a result of a recent fire at the Council’s Material Recycling Facility (MRF) at Randalls Road

– Rising demand for services, such as homelessness

Please also see Risk C11 on Asset Redevelopment and Regeneration and Risk C14 on Waste Services

Inherent risk level (no controls)

Probability: 4

Impact: 5

Risk score: 20 (red)

Controls in place at MVDC

– Maintaining robust budget monitoring and, if appropriate, corrective action to ensure spending is in line with the Budget

– Robust re-procurement procedures

– Contract management arrangements in place and IA actions being addressed (see separate risk)

– Transformation savings plan in place, with proactive monitoring and reporting of savings realisation to the Strategic Leadership Team and as part of the regular Business and Budget monitoring reports to Cabinet

– Transformation programme developed for 2026/27 identified £504,000 of savings to help balance the 2026/27 budget, monitoring of the programme to date shows that the Council is on track to achieve the savings.

– Financial Strategy and Medium Term Financial Plan in place

Residual risk level (after existing controls)

Probability: 1

Impact: 3

Risk score: 3 (green)

Movement of residual risk since last review

Down

Target risk level

Probability: 1

Impact: 3

Risk score: 3 (green)

Risk owner – Member

Cabinet Member (Finance)

Risk owner – Officer

EHoS – Resources

Rents from our investment property portfolio are a key source of income and the capital value of the property is a significant asset on the Council’s balance sheet. This risk is informed by a number of factors including the national economic climate; uncertainty in the property and financial markets; recent government budget changes (e.g., to national insurance); potential reform (or lack of reform) of business rates; material changes in the way of doing business such as online shopping and hybrid working.

Factors that can increase the risk are:

• Loss of rent and reduction of income to MVDC (e.g. tenants struggling to pay their rent; tenants not renewing their leases or exiting leases early, tenants opting to exercise lease breaks in order to downsize, leading to a rise in empty/partially empty premises and void periods; the need to provide incentives to attract new tenants)
• Inability to maximise income to the Council through reviewing rents at appropriate rent review dates within leases (including those with ‘time is of the essence’ clauses)
• A reduction in the capital value of the assets on the council’s balance sheet, and (for assets funded by borrowing), the value of the asset no longer being sufficient to repay the remaining debt, resulting in a potential overhanging MRP charge to the Council’s revenue account in the event of a disposal
• Inability of MVDC’s commercial assets to achieve an Energy Performance Certificate B rating by 2030 (as stated by the previous government). Without that rating it may difficult or impossible to let previously tenanted properties.

Inherent risk level (no controls)

Probability: 4

Impact: 4

Risk score: 16 (red)

Controls in place at MVDC

-Asset Management Strategy approved by Cabinet in June 2025

– Proactive, rational and flexible approach to rent negotiations (rent reviews) and service charge liability

– Proactively seeking new lettings and maximising income from existing assets, or pursuing change of use / disposal strategy

– Good understanding of the local property market and national movement across all sectors

– Positive relationship with tenants and Swan Centre Managing Agents

– Asset Managers confirm that demands have been received 2 weeks prior to the quarter day, then chasing payment after the quarter day on a weekly basis as a minimum, referring to legal at week 4 if the payment is still outstanding

– Performance management of rental income reported to Cabinet in Business and Budget monitoring reports

– Proactive engagement with tenants identified to be at risk (factors include covenant deterioration, payment history and business sector)

– Regular monitoring of aged debt to identify any pattern in non-payment

– Payment plans put in place for tenants who are in arrears

– Proactively seeking rent deposits and/or guarantors where possible for new lettings

– Monitoring of tenant covenant strength in relation to AIS properties and annual review of investment assets for market intelligence to manage associated risk

– Asset Managers maintain EPC records for commercial buildings and, where poor energy performance is likely to impact lettings under MEES, produce property specific management plans identifying actions required to address

– Regular reporting of asset management dashboard to corporate governance board to provide oversight of property portfolio and ensure balance of risk regarding current and future rental income

-Use of property advisors to provide guidance on hold strategy

-Actions from previous Internal audit and CIPFA review of asset management fully implemented and reported

-Asset reviews reported to strategic asset management working group

Residual risk level (after existing controls)

Probability: 3

Impact: 3

Risk score: 9 (amber)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 3

Risk score: 6 (green)

Risk owner – Member

Cabinet Member (Commercial Assets and Projects)

Risk owner – Officer

EHoS – Resources

MVDC needs to provide services in a safe manner that protects the health and safety not just of its employees but also members of the public, trainees, contractors, Members and those who undertake work on behalf of MVDC. If we fail to have good Health and Safety arrangements in place, this could lead to loss of service and / or preventable accidents to and ill health of staff, contractors, public or others affected by our undertakings. This is of particular importance due to the nature of some of the services we provide to the public and vulnerable people.

This risk is informed by:

• Compliance with Health and Safety at Work Act
• Public duty
• Any other legislation that seeks to prevent accidents, ill health and injury

Inherent risk level (no controls)

Probability: 5

Impact: 5

Risk score: 25 (red)

Controls in place at MVDC

– Corporate Health and Safety Policy, arrangements and procedures in place and regularly reviewed / audited

– Regular spot check reviews of health and safety arrangements by Health and Safety consultant

– Regular meetings of H&S Group, who escalate any concerns to Corporate Governance Board

-Health and Safety Group briefed on upcoming and amended Health and Safety legislation

– Health and Safety action plan in place

– Employee induction includes focus on Health and Safety and all employees provided with Health and Safety Guidance

– Training in place for new and existing employees with specialist training provided as required

-Organisational stress risk assessment in place and reviewed annually

– Health and Safety risk assessments in place for all service areas and regularly reviewed

– Lone working procedure in place for all service areas with bespoke arrangements in relation to individual business areas

– Effective management/inspection of property and land assets

– Health and safety integrated into procurement processes

– Arrangements with partner organisations/ below procurement threshold contracts to ensure appropriate Health and Safety requirements are in place

Residual risk level (after existing controls)

Probability: 2

Impact: 4

Risk score: 8 (amber)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 4

Risk score: 8 (amber)

Risk owner – Member

Leader, Governance and Organisation

Risk owner – Officer

Deputy Chief Executive

MVDC typically blocks thousands of malicious attempts daily to access MVDC systems and data. The majority are blocked by technical measures. The most significant contributor to this risk is that MVDC employees and members may, for example, inadvertently click on malicious links or attachments in Phishing emails.

If we fail to secure the Council’s accounts and data there is a risk of loss and data protection issues; this could lead to the Council not being able to deliver services, financial cost of rebuilding and ICO fines, and reputational damage.

Inherent risk level (no controls)

Probability: 5

Impact: 5

Risk score: 25 (red)

Controls in place at MVDC

– ICT Security Policy in place and regularly updated

– Access to systems and data is strictly controlled and data is held securely in order to ensure it is only available as permitted and not at risk of loss or compromise

– Regular testing of the ICT security perimeter (firewalls), monitoring for new vulnerabilities of systems and a cycle of ensuring all system versions are up to date is in place. Quarterly review, and if required housekeeping, of Firewall rules

– Regular patching cycle of server and desktop infrastructure, and also monthly review of security systems (Proxy server, firewalls, switches, backup software, HCI software)

– Risk assessment on basis of industry knowledge and government information provided by the National Cyber Security Centre

– Regular mandatory Cyber security awareness training for all Council Officers. Extended on a voluntary basis to Councillors

-Regular awareness and communications for staff on intranet

Residual risk level (after existing controls)

Probability: 2

Impact: 3

Risk score: 6 (green)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 2

Risk score: 4 (green)

Risk owner – Member

Cabinet Member (Services and Security)

Risk owner – Officer

EHoS – People

MVDC needs to make sure that personal data is secure and only processed in accordance with the relevant legislation and that an individual’s right to privacy is protected.

If we fail to effectively act on and embed standards and procedures that enable us to do this, this could lead to distress and harm for data subjects, a loss of public trust, financial penalties to the organisation, or other regulatory action as imposed by the Information Commissioner’s Office

This risk is informed by a number of issues, including:

• Potential data protection breaches, misuse of private information, breaches of European Convention of Human Rights (Article 8) and breaches of confidence enabling access to confidential data
• Loss of data, including as a result of malicious cyber security attacks (Ref:C4b, Risk of Hacking)

Inherent risk level (no controls)

Probability: 5

Impact: 5

Risk score: 25 (red)

Controls in place at MVDC

– Data Protection Policy approved by Council and updated periodically

– Data protection training and updates for new and existing staff

– Member Training on responsibilities under appropriate Code of Conduct, including data protection, for new and existing Members, and training video on MOSS

– Certification obtained on disposal of confidential information

– Information Asset Register in place for each service

– Records Retention Policy and schedule in place and implemented

– Data sharing protocols in place and implemented

– Data protection procedures in place to for all new projects and processes

– New software systems functionality and use evaluated for GDPR compliance

– Procedures in place for compliant use of email by staff/Members and document management arrangements

– Procedures in place to ensure that personal information is not inadvertently made available in the public domain

– Statutory Data Protection Officer (and Deputy) in place

– GDPR guidance in place to reflect move to hybrid working

– Data security threats (e.g through phishing) addressed in C4b (risk of hacking) controls

Residual risk level (after existing controls)

Probability: 2

Impact: 2

Risk score: 4 (green)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 2

Risk score: 2 (green)

Risk owner – Member

Cabinet Member (Commercial Assets and Projects)

Risk owner – Officer

EHoS – Commercial

If we fail to ensure that the organisation continues to have the capacity to achieve the priorities in the Annual Plan, and ensure the effective delivery of services, this could have serious implications particularly in relation to statutory services ultimately leading to service failure and/or reputational implications.

A significant factor that will affect this risk is Local Government Reorganisation [Risk C15]

Inherent risk level (no controls)

Probability: 4

Impact: 4

Risk score: 16 (red)

Controls in place at MVDC

– Council Strategy 2024-28 approved to assist with prioritisation from April 2024, including development of Annual Plan and Business Plans

-Annual Plan 2026/27  agreed in light of  Local Government Reorganisation and resources required for transition planning during 2026/27

–  Up to date workforce data available to Strategic Leadership Team to enable effective management of workforce, inform business planning,  and the appraisal process

– Governance arrangements in place to provide organisational oversight, enabling re-prioritisation of  tasks and available resources where appropriate

– Effective arrangements in place regarding recruitment and retention which are kept under review. This includes feedback from applicants offered a job but did not accept,  leavers and staff surveys

– Controlled use of interim staff to cover business critical posts for short periods of time

-Making best use of internal staffing resources to free up capacity for those supporting the LGR transition process

– Annual review of cost of living increase award to ensure it is both affordable and reflective of additional pay inflation, including comparison with other authorities

-Staff survey supplemented by ‘temperature checks’ and implementation of any actions arising from feedback

Residual risk level (after existing controls)

Probability: 3

Impact: 4

Risk score: 12 (amber)

Movement of residual risk since last review

None

Target risk level

Probability: 3

Impact: 4

Risk score: 12 (amber)

Risk owner – Member

SLT (Head of Paid service has delegated responsibility in the constitution for staffing matters)

Risk owner – Officer

Chief Executive

MVDC needs to ensure that all employees are aware of the organisation’s responsibilities in relation to safeguarding children and vulnerable adults.

This means being able to identify signs of concern and knowing when to share information and to report those. It also means ensuring that employees follow safe practice when delivering services. Due to the impact of ongoing economic uncertainty, more people continue to be vulnerable to changes in circumstances, financial or otherwise.

This risk is also informed by the impact of local government reorganisation.  The transition of Mole Valley’s safeguarding will be considered in light of the shift of functions into the East Surrey Council.

MVDC also needs to ensure that there is an appropriate response in place in the event of a Domestic Abuse Related Death Review or involvement in a Child Safeguarding Practice Review or a Safeguarding Adults Review.

Failure to fulfil our responsibilities in relation to identification of safeguarding risk could delay referrals for early intervention and lead to significant harm or death of a child or vulnerable adult and the potential ensuing legal action and reputational damage for the authority.

Inherent risk level (no controls)

Probability: 3

Impact: 4

Risk score: 12 (amber)

Controls in place at MVDC

– Policies and procedures for safeguarding in place and reviewed as appropriate

– On-line referral forms in place for children’s single point of access (CSPA) and via the SCC portal for multi-agency safeguarding hub (MASH) to track and follow up on concerns raised

– Procedures in place for Mole Valley Life services including Telecare and the Community Responder Service

– All employees undertake foundation level awareness training for safeguarding and new employees undertake this as part of their induction

– Enhanced level safeguarding training undertaken by relevant staff as identified according to their responsibilities

– Safeguarding forms part of the Terms of Reference of the Corporate Governance Board, including presentation of annual referral analysis

– Annual undertaking of S11 audit from Children’s Safeguarding Board, and involvement in Adult Safeguarding Board Quality Assurance activity

– Representation on the Surrey Adult Safeguarding Board, the Children’s Partnership Executive Group and the Safeguarding Lead officers Group

– Involvement in Surrey Lead Member and Lead Officer group chaired by SCC Cabinet lead Member

– Procedures in place for conducting Domestic Abuse Related Death Reviews, working with a central co-ordination team at Surrey County Council. Involvement in Domestic Abuse Related Death Oversight Group

– Safeguarding procedures in place in relation to the Homes for Ukraine scheme as set out in government guidance

Residual risk level (after existing controls)

Probability: 2

Impact: 2

Risk score: 4 (green)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 2

Risk score: 4 (green)

Risk owner – Member

Cabinet Member (Services and Security)

Risk owner – Officer

EHoS – Community

In declaring a Climate Emergency, MVDC has recognised the current environmental tipping point and is working towards being carbon neutral by 2030.  MVDC is committed to making a positive contribution at a local level through the implementation of the Climate Change Strategy for Mole Valley. The risk is that MVDC fails to deliver the Climate Change Strategy,  meaning that we do not to maximise achievement of carbon reduction and /or fail to maximise support to businesses and residents.

This risk is informed by the way we manage our workforce, estate and operations, coupled with competing priorities for financial resources, to assist in reducing our carbon footprint and make Mole Valley more resilient to the impacts of climate change.

The impact locally includes:

• Increased likelihood of flooding impacting on properties
• Extreme weather (heat and cold) impacting vulnerable residents and council assets
• Extreme weather having a greater impact on the day to day delivery of services
• Detrimental impact on the local environment

Inherent risk level (no controls)

Probability: 5

Impact: 3

Risk score: 15 (red)

Controls in place at MVDC

– Climate Change Strategy in place setting out the arrangements in place to reduce the impact of climate change at a local level

– Climate Change Adaptation Strategy in place to identify the impacts of climate change on Mole Valley and the Council’s long term strategy to adapt service delivery in response

– Carbon literacy training in place and being rolled out to inform how the workforce can make an impact through their job roles

-Carbon reduction commitment in business plans actively monitored

-Local Plan contains supportive policies for new developments and refurbishments

– Plans in place for flooding and snow/ice

– Sustainable Procurement Charter in place to ensure climate change sustainability of long-term contracts

-Information to support residents and business available in the Sustainable Mole Valley website

-Active seeking of funding opportunities

Residual risk level (after existing controls)

Probability: 2

Impact: 3

Risk score: 6 (green)

Movement of residual risk since last review

None

Target risk level

Probability: 3

Impact: 2

Risk score: 6 (green)

Risk owner – Member

Cabinet Member (Climate)

Risk owner – Officer

EHoS – Planning & Place

Proposed re-developments and regeneration schemes which are likely to result in asset disposals and capital receipts  fail to proceed. This could lead to capital receipts not being realised or receipt delayed. Where assets are identified for redevelopment, regeneration or disposal this could limit the Council’s ability to lease the assets because of the need to retain flexibilities to facilitate the the development scheme. Prolonged delays can lead to project viability challenges resulting in higher expenditure and lower capital receipts as well as unnecessary revenue and capital costs in relation to asset maintenance/management as a result of the delay.

This risk is informed by :

– Falls in capital values of assets due to market conditions

– Market conditions affecting project viability

– Planning and political risks as a result of potentially conflicting views from residents and other key stakeholders creating uncertainty

Please also see Risk C1d Reduction in capital value of and rental income from Investment Properties

Inherent risk level (no controls)

Probability: 3

Impact: 4

Risk score: 12 (amber)

Controls in place at MVDC

– Asset Management Strategy 2025-2030 in place

– Finance Team commission IFRS valuations from an independent valuer on a five year rolling programme

– Regular periodic reviews of business cases for property/project transactions

– Strategic Asset Management Working Group and Pippbrook Working Group in place to review and inform potential asset development and disposals

– Ensuring that recommendations put forward for approval at Cabinet are deliverable and/or that the risks are fully identified and explained with accompanying sensitivity analysis and independent advice received

-MVDC policy on non-statutory consultations and community engagement

– Due diligence undertaken on all potential transactions

– Forward planning and monitoring to enable MVDC to plan for worst case scenarios and plan the response

– Capacity to deliver assessed prior to commitment to delivery

-Development agreements in place for Swan Centre/Bull Hill and Claire and James House

-Joint Venture set up with Kier with Joint Venture Board and appropriate governance arrangements and legal agreements

-Approval of the Planning Strategy Business Case and Annual Business Plan for the joint venture by Cabinet

-Consultation with residents

-Professional teams appointed to support developments

-Kier MVDC JV submitted planning application for TL scheme in Nov 2025

Residual risk level (after existing controls)

Probability: 2

Impact: 5

Risk score: 10 (amber)

Movement of residual risk since last review

None

Target risk level

Probability: 1

Impact: 5

Risk score: 5 (green)

Risk owner – Member

Cabinet Member (Commercial Assets and Projects)

Risk owner – Officer

EHoS – Resources

MVDC needs to make sure that arrangements are in place to ensure an effective response in an emergency situation.

As a Category one responder MVDC is required to comply with the duties set out in Civil Contingencies Act 2004.

If we fail to act effectively, this could lead to distress and harm, a loss of public trust, and a failure to provide civil protection to residents, businesses and the wider community.

This risk is informed by a number of issues, including:

• Local or national level of emergency response required
• The nature of the emergency, which could include for example power outage, flooding or other extreme weather conditions.

Inherent risk level (no controls)

Probability: 4

Impact: 5

Risk score: 20 (red)

Controls in place at MVDC

-Emergency Plans in place that comply with the duties of the Civil Contingencies Act 2004

-Emergency planning duty officer rota in place 365 days a year and regular training provided

-Named incident liaison officers

-Business Continuity Management MVDC Corporate Plan – Incident Management and Organisational Resource Plan in place that sets out key actions to be taken in response to an emergency

-All services have business continuity plans in place (on-going training re business resilience)

-Severe weather plan in place

-Multi-agency flood plan in place

-Emergency Assistance Centre Plan in place

-Winter preparedness plans in place

-Access to Resilience Direct Portal

-Lessons learnt from both local and major national incidents

-Active member of the Surrey Local Resilience Forum which publishes the Surrey Community Risk Register. This provides public information about the hazards that exist within the County and the control measures that are in place to mitigate their impact. The Register details the lead agency for each hazard identified. The responsibilities (specifically infrastructure/system failure and natural hazards) assigned to Mole Valley District Council are to be read in conjunction with this Strategic Risk Register.

Residual risk level (after existing controls)

Probability: 2

Impact: 3

Risk score: 6 (green)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 3

Risk score: 6 (green)

Risk owner – Member

Leader, Governance and Organisation

Risk owner – Officer

EHoS – People

Contract Management across the organisation is inconsistent. Despite corporate contract management guidance and some areas of good practice, we have found that contracts may not be consistently recorded on the Council’s contract register and that monitoring of expenditure against contracts and supplier performance by contract managers is inconsistent across the organisation.

This may result in:-

• Lack of compliance with the Procurement Act 2023 and Transparency code reporting requirements
• Poor services to residents due to contractor poor performance not being addressed
• The Council being unaware of the risk of individual suppliers going into administration
• Additional costs or loss of income to the Council
• Incomplete or inaccurate information about contract arrangements passed to the new East Surrey Council

Inherent risk level (no controls)

Probability: 4

Impact: 3

Risk score: 12 (amber)

Controls in place at MVDC

-Contract management procedure rules in Constitution

-Contract Management Guidance Notes on the intranet

-Regular Contract Management Training in place

-Contracts Register in place and reviewed quarterly

-Monitoring of contract spend

-Regular financial health checks e.g. Dun and Bradstreet, undertaken on high and medium level contracts

-Internal Audit reviews

Residual risk level (after existing controls)

Probability: 3

Impact: 2

Risk score: 6 (green)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 2

Risk score: 4 (green)

Risk owner – Member

Cabinet Member (Finance)

Risk owner – Officer

EHoS – Resources

MVDC is required to make strategic decisions in terms of the future delivery of services whilst there is significant uncertainty as a result of local government reorganisation. This could lead to a risk of decisions being delayed which would have a detrimental impact on service delivery, noting that waste collection and street cleaning is a statutory duty under the Environmental Protection Act 1990. A decision around the future of the MFR site is also key in terms of securing key waste infrastructure for East Surrey.

This risk is informed by:

• The new shadow authority elections will mean a new administration will be appointed in May 2026 and it/they are anticipated to be required to endorse the award of contract for the new joint waste collection and street cleaning contract at one of their first meetings
• The contract award decision and the accompanying IAA is anticipated to be reported to the MVDC July meeting cycle. Reporting to the shadow authority will be required for formal agreement. Details to be confirmed
• Uncertainty as to the impact of disaggregation of Surrey County Council as the Waste Disposal Authority on waste infrastructure
• Pause on strategic asset decisions relating to the depot available to support the waste collection and street cleaning service/service provider
• Expectation of waste stream to be identified by Implementation team as a key focus given timescales for infrastructure/planning and procurement timescales. The future use of the Materials Recycling Facility at Leatherhead is the subject of a revised options appraisal and will also need to be considered by the shadow authority. The current use of the MRF site is uncertain following the fire in October 2025 due to delays in the insurers confirming liability and final settlement amounts. As a result of the fire the previously modelled gate fee savings are now at risk
• The current waste collection and street cleaning contract expires on 5 June 2027
• The resource requirements to mobilise a new waste and street cleaning contract to take effect on 6 June 2027 requires input from a range of authority teams outside JWS, including Asset Management, Customer Services, Finance and ICT, at a time when preparation for vesting day will also require resources, coupled with the anticipated ongoing contract management resources to effectively manage the transition from Amey to the new service provider
• Uncertainty from central government in terms of future strategic waste plans and related targets
• MVDC offers a garden waste service to its residents which generates revenue for the authority and contributes to our recycling rates. The new authority will need to decide the fees and charges and customer service model that it wishes to apply to that service during 2026/27

Inherent risk level (no controls)

Probability: 5

Impact: 5

Risk score: 25 (red)

Controls in place at MVDC

-Procurement Strategy for waste and street cleaning contract approved by in Cabinet in February 2025 (updated June 25) and being implemented

-Inter-Authority Agreement under development

-Building in flexibility to future arrangements

-Joint Waste Solutions (JWS) project managing the reprocurement and the various workstreams

-Consideration of investment required in our assets to support service delivery with capital funding proposals included in the 2026/27 capital programme for the depot and vehicles

-Contract extension to Material Recycling Facility (MRF) contract to 31 March 2028, with a further one year optional extension to 31 March 2029. Due to fire at the MRF in October the terms of the contract extension are now at risk

-S151 officers attends regular cross council and partnership meetings to be assured that financial implications are built into the Medium Term Financial Plan as far as possible. The implications included in the MTFP have been reviewed the first stage bid submissions received at end November 2025

-Regular member briefings incorporated into the procurement project plan

-Making use of expertise and capacity in Joint Waste Solutions (JWS) to undertake horizon scanning

-Management of unresolved commercial disputes with the current service provider. Good progress is being made in resolving these

-In relation to Local Government Reorganisation a Joint Implementation Team has been established with waste falling under the Place theme

Residual risk level (after existing controls)

Probability: 3

Impact: 4

Risk score: 12 (amber)

Movement of residual risk since last review

None

Target risk level

Probability: 2

Impact: 3

Risk score: 6 (green)

Risk owner – Member

Cabinet Member (Waste, Recycling and Environmental Health)

Risk owner – Officer

EHoS – Commercial

Central government has confirmed the implementation of Local Government Reorganisation in Surrey.  The intention is for elections to the new shadow unitary councils to be held in May 2026 and the new unitaries are expected to go live on 1 April 2027 (vesting day).

From March 2026, it became a statutory duty for MVDC to provide information, consult and co-operate with other East Surrey authorities and the new shadow authority to effect a safe and legal transfer of functions and services for vesting day.

MVDC will continue to exist until at least 31 March 2027.  During this time the council needs to continue provide essential services, achieve its corporate objectives and deliver against strategies and plans. There will be added complexity in terms of governance in making key decisions as many of these will be subject to consultation with the new shadow authority.

There is risk that, if MVDC did not have mitigations in place services may not be safe and legal at the point of vesting day.

Risk C7, Organisational Capacity to Deliver identifies that there is risk that during this transition phase MVDC may have reduced staffing capacity as a result of staff leaving MVDC and/ or working for or in support of the shadow authority.

Inherent risk level (no controls)

Probability: 5

Impact: 4

Risk score: 20 (red)

Controls in place at MVDC

-Active engagement with MHCLG and with the Implementation Team to make sure we understand and contribute to the process

-Active participation in the Implementation Team Themes and workstreams

-Subject Matter Experts allocated to each workstream to ensure two way communication and identification of any actions for MVDC

-Communications with Members, residents, business and key stakeholders / partners via the Implementation Team

-Ensure that strategies and plans remain deliverable and appropriate within existing resources

Residual risk level (after existing controls)

Probability: 3

Impact: 3

Risk score: 9 (amber)

Movement of residual risk since last review

Down

Target risk level

Probability: 2

Impact: 3

Risk score: 6 (green)

Risk owner – Member

Leader, Governance and Organisation

Risk owner – Officer

Chief Executive

Risk of exceeding the VAT partial exemption limit could lead to additional cost for the Council in 2026/27 as we would no longer be able to reclaim VAT on expenditure on exempt services and activities.

This risk informed by MVDCs annual calculation of its partial exemption position which has shown that the Council is close to its limit.

Inherent risk level (no controls)

Probability: 5

Impact: 4

Risk score: 20 (red)

Controls in place at MVDC

-Regular monitoring of VAT partial exemption position as part of regular Business and Budget monitoring reports to Scrutiny and Cabinet

-Quarterly VAT returns to HMRC

-Annual partial exemption declaration to HMRC

-Training provided to staff on VAT

-Access to VAT specialist advisors

-Members of the Finance Team provide advice and support to Business Managers on VAT

-Advice to services provided to limit number of partially exempt services and activities the Council is providing during 2026/27

Residual risk level (after existing controls)

Probability: 2

Impact: 3

Risk score: 6 (green)

Movement of residual risk since last review

N/A

Target risk level

Probability: 1

Impact: 1

Risk score: 1 (green)

Risk owner – Member

Cabinet Member (Finance)

Risk owner – Officer

EHoS – Resources

Key: EHoS = Executive Head of Service.

Additions / deletions in last 12 months:-

Additions:

• December 2024 – C12 Emergency Planning
• December 2024 – C13 Contract Management
• December 2024 – C14 Waste services
• December 2024 – C15 Local Government Reorganisation

Deletions:

• July 2025 – C4b IT (Operational Resilience)