Agenda item
Corporate Risk Management
To receive a report on Corporate Risk Management.
Minutes:
The Committee considered the Corporate Risk Register.
During the discussion of this item, the following points were made:
· Discussions had commenced on the identification and mapping of interdependencies between risks in order to better understand and mitigate the impact of a number of risks materialising simultaneously. The output from these discussions would be shown in the next iteration of the Corporate Risk Register.
· One new risk had been added covering housing numbers in the Borough (risk no.19). This has been added in response to the Government consultation paper on Planning for the Future,
· The Brexit risk (no.10) had an increased risk profile resulting in further mitigating actions being planned. Members were reminded that the Brexit Officers Group had been re-established.
· The Climate Emergency risk (no. 13) in terms of impact and likelihood had been re-assessed as “Very High.” Overview and Scrutiny had been reviewing Climate Emergency and a report on their findings would be considered by the Executive in the future. Mitigations for the risk might change following this.
· The Pandemic risk (no. 18) in terms of impact and likelihood has been re-assessed as “High.” The Covid situation was fast moving and changing.
· The Director Communities, Insight and Change indicated that her directorate had been formed in March and that she had joined the Council in May.
· The Director Communities, Insight and Change indicated that she was responsible for;
Ø digital and change;
Ø customer and localities
Ø communications, engagement and marketing;
Ø Human Resources
Ø Strategy and planning
· Covid had changed the Council’s work pattern and had led to a change in behaviours. Having the majority of the workforce working from home had put great pressure on the IT system and a robust IT infrastructure had been vital.
· The Assistant Director Digital and Change indicated that the Council’s telephony structure had been built and sized for a primarily office based workforce. Whilst IT had planned to move to a more cloud based solution, this had been planned for 2023/24. However, IT had been able to look at the way in which the telephony system was set up to ensure that there were no breaks in service either for external or internal customers. All critical services were currently forwarded out through the infrastructure. Contact centre staff could continue to work from home during the pandemic. Adults and Children’s Services calls had been moved into Netcall, the Council’s contact centre solution.
· The amount of staff working from home had grown from approximately 300 to approximately 1100 during the pandemic. The Council’s internet capacity had been increased from 300MB to 700MB. Mitigating actions had been put into place very quickly.
· Councillor Shepherd-DuBey asked about the single point of failure firewall. The Assistant Director Digital and Change commented that there were sufficient steps in place to ensure that the Council could still continue to work successfully. Over the next year, the Council would look to move its firewall into Microsoft Azure Cloud. At present, there were no corporate level concerns. The Assistant Director Digital and Change offered to provide an update at the Committee’s next meeting. She emphasised that 75% of the Council’s services were cloud based but there were some that could not be supplier hosted or be run through Microsoft Azure Cloud.
· Councillor Shepherd-DuBey questioned why the Climate Emergency risk was ‘very high’. The Assistant Director Governance indicated that it was one of the Council’s key priorities. Councillor Burgess added that the Climate Emergency Task and Finish Group had reviewed and commented on the Climate Emergency Action Plan.
· Councillor Sargeant asked about measures being taken to mitigate against the workforce risk in light of Covid. The Director Communities, Insight and Change stated that where staff were working from home there was now virtual teams. Many podcasts on running a virtual team and also wellbeing had been produced. Update emails and newsletters were sent to staff and the Chief Executive had introduced the Big Chat, a weekly opportunity to update staff and for them to ask questions.
· In response to a question from Councillor Ross, regarding her areas of responsibilities, the Director Communities, Insight and Change clarified that the Strategy and Planning team dealt with matters such as the KPI reporting and helping to produce the Council Plan.
· Councillor Ross noted that with regards to Risk 19, the Corporate Risk Register stated that as it was a new and emerging risk with a short-term timescale, a verbal update would be provided at the Audit Committee meeting. The Assistant Director Governance indicated that he had nothing further to add to the statement made by the Leader of the Council at the Council meeting on 17 September.
· Councillor Gee expressed surprise that the Government’s proposals around land supply had not been included as a separate risk. The Assistant Director Governance indicated that Risk 19 was intended to cover everything within the Government consultation.
· Councillor Gee referred to the risk around SEND reform and questioned how much of the relevant workforce was permanent and how much was temporary, what the level vacancies was, and how this impacted on staff morale. The Assistant Director Governance agreed to seek clarification from the Director Children’s Services, who he suggested the Committee invite to the next meeting to present the Corporate Risk Register.
· Councillor Gee stated that not all residents, particularly some more elderly residents, were online. She asked how these residents were supported. The Assistant Director Governance emphasised that the Council had been looking for some time at ensuring that its services were inclusive. Overview and Scrutiny were currently reviewing the Council’s response to the Covid pandemic and this included how it had responded to its elderly and vulnerable residents. The Assistant Director Digital and Change added that key services had still been available via telephone during the pandemic.
· With regards to the Safeguarding Children and Young People risk, Councillor Burgess noted that the reporting of domestic abuse had increased as had mental health and emotional wellbeing challenges, and asked how this was being managed and mitigated against. The Assistant Director Governance indicated that he would seek a response from the Director Children’s Services.
· In response to a question from Councillor Burgess regarding the data protection risk, the Assistant Director Governance clarified that a data protection audit had recently been carried out and was in its final stages. It would receive a level 2 assurance.
· Councillor Burgess felt that the leaflet drop listed as a mitigating action for Risk 19 was a political decision rather than a genuine mitigating action.
· With regards to the risk around equality duty, Councillor Burgess suggested that an assessment be carried out about how different groups had been impacted by Covid. The Assistant Director Governance indicated that part of Overview and Scrutiny’s review of the Council’s response to the pandemic, would include this element. It was agreed that the wording of the risk could be crisper.
· Councillor Shepherd-DuBey felt that more could be done around equalities.
· Justine Thorpe suggested that the Audit Committee should not be reviewing individual risks within the Corporate Risk Register and should be seeking overall assurance on the process of risk management to ensure that everything was working well.
· With regards to GDPR, Councillor Shepherd-DuBey asked how the Council managed organisations that handled data for it. She was informed that information sharing agreements were in place and that any data breaches would be reported.
RESOLVED: That the risks and mitigating actions of the Council’s corporate risks, be considered and noted.
Supporting documents:
PDF 356 KB