My Lords, I add my congratulations to the noble Lord, Lord Arbuthnot, on the excellent way in which he chaired our committee. I can tell the noble Lord that I certainly enjoyed it, and furthermore I learned a great deal; my compliments also to the staff. I think we never managed to meet in person, but did every session online, which posed some interesting challenges to do with curtains and lights and things like that. It was an extremely well chaired committee.
The noble Lord has set out extremely well the main highlights of our report, so I want to briefly pick on a couple of points. I support the overall conclusion that the culture and practice within government of risk assessment and management of resilience need to change. How we go about that should be through adopting a whole-of-society approach and looking to general resilience more than to individual threats.
Let me begin with box 1, which sets out the threat from climate change. It could have been argued that we did not really need to set out climate change because it was so obvious and over such a long period, but it is interesting to note that we are now a year from COP 26 and already it is slightly beginning to slip down the agenda. For me, it was important to see it in there because, first, the extreme risks that come from it are all going to appear with increasing severity and likelihood on the national risk register, and, secondly, it serves as a lesson of what happens when the enemy at the gate perhaps overtakes the enemy on the horizon. It is a very good example of that.
I would like to draw attention to paragraphs 136 to 141 in the report, where we talk about the devolved bodies. I can do no better than to quote paragraph 137 and Shirley Rogers, director of performance, delivery and resilience for the Scottish Government, who said:
“There is a variable degree of understanding about what devolution settlements look like and what devolved Administrations’ powers are … My observation is partly that there is a tendency to treat us as if we are a department and consult us on the things that people think we will need to know about, rather than the totality.”
Correcting that is central to the Government’s approach.
I would like to comment on how we look at resilience and go about risk management. Currently, risk is looked at as identifying a single threat, rather like on your company risk register, and looking at how it can be mitigated. The risk is seen as a barrier to achievement. However, what I learned in the process of our committee’s deliberations was that extreme risks are not like that; they are things that we cannot avoid, and therefore we have to look at them in a different way. As the noble Lord has already pointed out, this needs a change of culture.
The resilience that we need comes not from looking at the individual threat but at all of the things that cascade together and ensuring that there is resilience in depth. That requires an investment, and that comes back to the Treasury. This is not about a cash spend that is going to be made in-year; this is about identifying something that will be invested in, and resilience automatically implies redundancy. There will be some part of the spend that will never be used, and we have to accept that as being central to what we are trying to do. If we do not understand that, just look at the supply chain and the fact that all the chips were being made in countries that are having grave difficulty, and now we cannot make cars in anything like the way that we would want to.
In the first 22 years of this century, we have had three extreme events: first, a financial crisis which cost us hundreds of billions in support; secondly, a pandemic, which was number one on the risk register but we got wrong, and which cost hundreds of billions in support for the country; and, thirdly, since our report came out, a war in Ukraine which was not particularly anticipated. I am sure we will have three more events in the next 20 years and that they will not be the ones that are predicted, so we have to have resilience to be ready for whatever may come. In that regard, I think the most important thing the chairman of the committee, the noble Lord, Lord Arbuthnot, said is about getting the Treasury to change the way it looks at these things. We have to try to get the Treasury away from its complacent, cash-book comfort zone and into looking at investment for the future.
Ultimately, in any organisation, risk is the responsibility of the chief executive or the accounting officer. We need to put responsibility for risk higher up. We need a chief risk officer, and for Secretaries of State and the Prime Minister to take the responsibility.