To present to the Audit Committee the updated Corporate Risk Register.
Minutes:
The Committee heard how the register underwent the review process with some highlights as follows.
The Council continued to deal with issues relating to Corporate IT and was committed to ensuring users were not put at risk of cyber-attack. Staff continued to conduct online training, which formed part of the Council’s induction training protocols.
Tendring Council had commenced a review of the Local Plan, in line with the agreement of the Planning Policy and Local Plan Committee. This review was focused on updating the current plan, and not rewriting it. There were guiding principles that had to be followed during this process. This document needed to be passed to the Secretary of State by the current deadline - June 2025. Tendring Council intended to produce the document before expected changes took effect.
Regarding the Garden Communities project, a development plan was being created through partnerships between Tendring, Colchester, and Essex, which set out a more detailed framework for the layout and delivery of the proposed garden community. This had already been subject to public consultation and had been submitted to the Secretary of State to begin the process of independent examination. A Planning Inspector had been appointed to conduct the examination, which would take place in May 2024.
The changes to the Corporate Risk Register set out in this report reflected minor changes undertaken since the Committee had last considered the register in July 2023. It provided updates, where needed, and revised changing deadlines.
Item 2d - Ineffective delivery of Transforming Tendring project - was considered for removal as this project had now been completed.
The table below set out all amendments to the Risk Register since it was last considered by the Committee in July 2023.
Risk Register Item |
Amendments / Comments |
New Risks Identified |
None |
Risks Removed |
None |
Risk Scores Amended |
None
|
Risk number changed.
|
None |
Risks Amended |
1a - Failure to effectively manage assets – small update to the main wording.
1b – Catastrophic IT network failure – Physical Infrastructure control updated. Risk of aging network hardware failure.
1c – Ineffective communication/management of information – slight update on main wording.
2a – Coastal Defence - Responsible Cabinet member details updated to show Councillor M Bush.
1d – Ineffective Cyber Security Physical and Application (software) Based Protection Management – main wording changed – note added in relation to the Election potentially bringing a hostile cyber-attack on public sector services.
2e – Essex Family/Family Solutions – main text updated relating to Clacton based post being transferred to the Council establishment reducing the risk to families. Additional family solutions post funded for 21 months.
2f – Garden Communities - current action updated to reflect the two rounds of public independent consultation being conducted and results submitted to the Secretary of State to begin an independent examination. A planning inspector has been appointed to conduct the examination in May 2024.
3c – Health and Safety – current action updated to reflect that there is an additional NEBOSH trained officer.
3a – Member Conduct – update provided relating to increase in complaints at District level. Training carried out by Town and Parish Councillors further training required.
3b – Failure to comply with legislative requirements – main wording updated relating to the need to raise issues with the legal team that might cause concern at the earliest opportunity.
3d – Fraud and Corruption – update provided on compliance team being fully staffed and project work remains ongoing.
5a – Financial Strategy – changes to main wording relating to cost pressures report provided to full Council on Feb 24. 6a – Loss of sensitive and/or personal data through malicious actions loss or theft and /or hacking - update provided on councillors adopting identical working as Officers, adoption of managed devices minimising the number of pathways an attacker can gain access. Additional training to be provided.
6b - Disconnection from PSN Network – main wording amended to reflect the PSN certificate being updated.
7a – Local Plan - current action update provided relating to local plan to be reviewed as agreed by the Local plan Committee in December 2023. Submission of an updated Local Plan before June 2025.
9a – Ineffective Emergency Planning – updated main wording relating to difficulties recruiting EP staff due to home working. Additional training and communication project to be conducted.
9b - Ineffective Business Continuity Planning – update on BIA training for key officers.
|
The Fraud and Risk Team continued to oversee the Council’s Risk Management supported by the Council’s Internal Audit Team. The table set out the work that was currently being undertaken at the time of this meeting.
|
Current Position |
Management Team to promote the importance of operational risk management within the organisation and ensure that Senior Managers implement a process for identifying and mitigating risks in coordination with the Assurance and Resilience Manager |
COMPLETED - Management team continue to be updated with urgent matters on a quarterly basis and the training identified below will further support this action.
|
Actions to be undertaken to identify and record key operational risks within service areas relating to risk management and business continuity. Support to be provided by Internal Audit manager if required |
This remains ongoing with actions planned for 2024/25. |
InsertRichText(GetColumn(“FinDesc”))
Follow up item.
Arrange Risk Management training for all departments across the council |
Suitable Risk Management training has been identified; currently being reviewed with the aim of rolling this out during 24/25. (members and officers) |
After a short discussion it was moved by Councillor Sudra, seconded by Councillor Steady, and RESOLVED that the updates provided to the current Corporate Risk Register, be noted.
[IF1]Font size too large
Supporting documents: