Agenda item

Strategic Risk Register

To provide an update to the committee on the progress of the Council’s identified strategic risks (report of the Assistant Director Corporate and Portfolio Holder Corporate and Communications enclosed).


Consideration was given to the report of the Assistant Director Corporate and Portfolio Holder Corporate and Communications, which provided an update to the Committee on the progress of the Council’s identified strategic risks.


The Senior Change, Innovation and Performance Business Partner provided the Committee with the following updates:

·         the risk associated with changes in legislation of policy in response to Covid 19 had decreased in likelihood. During the recovery phase, the Public Protection Team had been able to focus on statutory duties;

·         the risk of Council performance had increased in Q2 which had reflected Contact Centre underperformance. The Council had been assured that work had been in progress and improvements had been implemented;

·         the Housing Manager had reported an increased risk around Housing Team resources and support. An overview of the assessment was presented which stated that performance had been sustained at 4 weeks’ processing time; performance had been monitored on a weekly basis; and trends had been reported on a monthly basis. The retention of temporary staff had been challenging due to the transient nature of this workforce. Permanent and fixed term recruitment campaigns had been due to commence. This had been a new assessment which was to be shared with the Committee and would be reflected in the next iteration of the risk report.


The officer highlighted that the risks stated in the report reflected the situation to the end of September 2021 and had not incorporated the new partnership which came into effect from 1 October 2021. Work would be completed across the partnership which considered new and existing risks. The committee would be kept informed of any changes to risk ownership responsibilities.


The Committee considered the report and made the following comments:

  • Members queried page 41 of the risk report which had shown an increased risk in SHDC performance whilst the performance of PSPS had not changed. A risk had been suggested for both.
    • the officer confirmed that the reduction in council performance had related to the Contact Centre (PSPS) but the risk had considered public perception. An interim assessment would take place and shared with the Committee.


  • Members questioned the Safeguarding item on page 45 in respect of supporting evidence for ‘clear referral pathways’.
    • the officer confirmed that evidence would be requested from the owner of the risk.


The ICT manager (PSPS) attended to respond to issues raised from the Governance and Audit Committee meeting on 29 July 2021. The following points were made:

  • that the risk around a single firewall which came from the Remote Access audit had now been completed and closed. The risk now appeared on the register;
  • confirmation that single points of failure had existed beyond internal systems, such as British Telecom, which had not been within the control of PSPS.  A replacement programme had been established to review stronger resilience which had been due for completion by the end of the financial year;
  • that the cyber audit had been brought forward to Q3 as requested;
  • that the cyber incident which occurred in March 2021 had not affected the risk score as a longer view had been taken and the issue had been resolved;
  • that a major incident report had been circulated to Committee members which had detailed the analysis of the major outage in November 2020.


Members considered the responses and made the following comments:

  • the Chairman stated that circulation of the major incident report had instilled confidence that action had been taken;
  • Members stated that online threats to residents had been difficult to predict and that this had affected older residents who had been defrauded. Whilst it had been acknowledged that the ICT Manager’s (PSPS) remit had been to secure SHDC’s internal systems, members asked whether internal expertise could have been used to help prevent residents falling victim to online fraud. The Communications Team had circulated messages where known frauds had taken place.
    • The ICT Manager (PSPS) stated that complete online confidence had been difficult to achieve but potential communications/signposting could be considered.


That the content of the report be noted.

Supporting documents: