Minutes:
The Interim Director of Finance presented the Quarterly Risk Update report and in doing so highlighted that a third round of Officer Risk Board quarterly meetings had now taken place since the meetings were established in April 2022. It was explained that each department within the Council had to nominate a representative to the Risk Board who would report back to their respective management teams – this facilitated with identification of risk owners. The process was now resulting in more risks being registered and mitigated.
The Interim Director of Finance highlighted that as of end of September the number of departmental risks had reduced to 83 compared to 96 recorded at the end of June, and 119 at the original baseline of April 2022.
There were currently four red departmental risks, which included two IT-related risks, a revenue performance indicator data risk, and a risk of failure to deliver a service to the Care Quality Commission (CQC) requirements at St. David’s House. In particular, Members’ attention was drawn to the significant likelihood of the Council being unable to obtain cyber security insurance after the current policy ended. This was deemed to be a great risk given that government agencies had been particularly exposed to cyber-attacks.
The Interim Director of Finance reported that one additional risk had been added to the Corporate Risk Register, relating to the delivery of Levelling Up, UK Shared Prosperity Fund (UKSPF) and Towns Fund projects. This was due to the resource implications and the requirement to spend all funding before April 2025 (UKSPF) and April 2026 respectively. The conditions of the funds stipulated that any unspent monies had to be returned, and the risk of not spending the allocated funds was exacerbated as nationally local authorities would be competing for a limited number of contractors to undertake the projects.
Following the presentation of the report, Members queried why the table of corporate risks presented in the report did not include a name of risk owner and target resolution date against each risk. In response, the Interim Director of Finance explained that this was included in the working version of the corporate risk register and would be included in the versions to be provided to Members at subsequent meetings.
It was requested that the motion be moved by the Committee with regards to recommending to the Executive that it write to the Local Government Association (LGA) about finding a solution to facilitate the future-years provision of cyber security insurance for the local government sector.
[The Committee adjourned between 20:18 and 20:23 as suitable wording for the motion was prepared.]
The wording of the motion was then agreed as follows:
‘that the Executive Committee, given the possibility of no Cyber Security insurance in future years, recommend to the Local Government Association (LGA) that they facilitate a process to help local government cover this deficiency.’
On being put to the vote this recommendation was carried.
A further vote was then carried out in respect of the recommendations contained within the report, which were also carried.
RECOMMENDED to the Executive Committee
RESOLVED that
2) the present list of Corporate Risks be noted, and;
3) the progress made on the Action Plan approved by the Corporate Management Team (CMT) on the 16 March 2022 be noted.
Supporting documents: