Agenda item

The Head of Finance and Customer Services introduced the report which set out Council activity to identify, monitor and mitigate risk. It was noted that this was the eighth cycle of reviewing corporate and departmental risks since the original baselining of risks in April 2022. It was noted that risk was managed centrally through the 4Risk System and the organisational risk level had moved to a moderate assurance level from May 2023.

There were 14 corporate risks on the corporate risk register with a corporate risk relating to impact of changes to partner funding arrangements now mitigated and was no longer a corporate risk. The corporate risk relating to management of contracts had reduced from yellow to green rating, and the financial position rectification had reduced from red to amber rating due to general election now having taken place and the probability that there might be a multi-year local government finance settlement announced in November / December 2024.

There were 49 departmental risks compared to 47 in the previous reporting period. It was noted that in terms of staff non-compliance with procurement more support had been provided to managers in the form of courses which would improve budget manager skills and understanding of the TechOne system.

It was highlighted that there was an ongoing corporate red risk relating to cyber security which it was important for both Members and Officers to continually guard against the risk and engage in refresher training. It was noted that the Council did significant work to mitigate this risk including through the use of KnowBe4 phish alert functionality to report suspicious emails and the Council had also successfully renewed its cyber security insurance.

It was further noted that in terms of Council’s insurance contracts, Property information remained an issue. Insurers were now requesting significantly more detail and it would now take the Council significant time to get data to the required standard. This issue highlighted a deficiency in property data capture – which linked to the Corporate Customer Risk linked to data.

Members were informed that the biggest risk to the Council (red graded) was in relation to the delivery of Towns Fund and UKSPF projects, in particular to the delivery of Town Hall refurbishment. In response to a question, it was confirmed that the significant risk was related to the updated plans for Town Hall refurbishment which included the decision to not relocate the library to the Town Hall.

Following the officer presentation, the following issues were discussed by Members:

·       Performance data dashboard – It was confirmed that the new approach to performance monitoring was in the process of being implemented which included agreed five/six performance indicators per service area and a RAG-rated performance report being presented to Members, with the first iteration to be presented via performance monitoring reports in September / October.

·       New Customer Data Integration – It was noted that the Council would be undertaking a data integration of its customer data to ensure that there was one set of consistent records across Council departments. It was noted that Government would now be allocating funding at a local level based on data and it was therefore imperative that Council’s data was clear and consistent. It was highlighted that the data integration process would take several years and the Council would begin with the biggest data systems such as Civica system (for Revenue and Benefits data).

·       Council’s Housing Disrepair Liability – It was agreed as an action for Officers to provide the information on the Council’s Housing Disrepair Liability.

·       Cyber Security – Officers reported that the Council was rated highly in terms of its cyber security arrangements at the Local Government Association (LGA) conference this year, however, this was an area where improvements were always needed, especially in light of the recently reported high-profile cyber attacks at other authorities. As such, the Council was investing additional circa £30,000 a year to improve its cyber security. During the discussion of this issue, Members highlighted that whilst there were cyber security measures to assist Members, there was no requirement for Members to undertake a cyber security training. The Committee agreed that a recommendation to introduce a compulsory cyber security training to all Elected Members should be submitted to the Executive Committee. On being put to the vote, this recommendation was carried.

RECOMMENDED that

the Executive be asked to introduce compulsory cyber security training for all elected Members.

RESOLVED that

the present list of Corporate and Departmental Risks be noted.