To consider a report from the Director of Finance (s151 Officer).
Members considered a report from the Director of Finance (s151 Officer) which provided the Committee with a progress update on the Corporate Risk Register for the third quarter to 31 December 2020.
The Director of Finance (s151 Officer) introduced the report before welcoming the Senior Risk Officer to provide a detailed overview. This began by informing members that there had been no further risks added to the register during Quarter 3 and no risks removed from the register and there were no proposed changes to the risk scores for Quarter 3. Throughout Quarter 3 there remained the emerging risk of climate change and its potential impact on Council services. The Senior Risk Officer stated that though there had been no changes to the risk scores in Quarter 3, risk management activity had intensified, and this was reflected in the volume of risk mitigation work which had been undertaken.
During the third quarter of 2020/21, the Council along with other Local Authorities faced a particularly challenging period with significant rises in COVID-19 cases leading to the second national lockdown and introduction of the tiering system across the UK. As discussed in the Committee meeting in January 2021, in Quarter 3 the Council anticipated additional pressures and impacts from severe weather, seasonal flu, the end of the EU Exit period and the increasing pressure on Health & Social Care systems. In anticipation of this combination of events, the Council had been proactive in analysing and developing a suite of response arrangements including; Adult Social Care Winter Plans, EU Exit risk assessments, business continuity and emergency response plans in order to deal with the potential complexity of the concurrent impacts from these events.
Members were reminded that Quarter 3 saw the new UK-EU Trade and Cooperation Agreement come into effect at 11pm on 31 December 2020 and were informed that the EU Exit Officer Working Group would continue to meet quarterly to monitor relevant risk assessments, provide oversight of any further key milestones to ensure compliance with the new UK-EU Trade and Cooperation Agreement and to provide a wider horizon scan of the impact of new EU Policy changes as well as the medium to long term impact on the Economy and Communities across Cumbria. Members were assured that there had been no immediate impacts experienced by the Council in relation to exiting the EU however, the wider impact on certain sectors of the Cumbrian Economy such as the Haulage Sector were being closely monitored.
The Executive Director – Corporate, Customer and Community Services Members provided assurance regarding a question of risk in relation to cyber security. The Senior Manager - ICT Delivery addressed a specific question regarding the exploitation of vulnerabilities found in the Microsoft Exchange Server mail and calendar software for corporate and government data centres. He explained that on 4 March 2021 the Council were informed of the vulnerability by the Microsoft account manager and the National Cybersecurity Centre, the servers were successfully patched within hours and a subsequent check on email servers showed that the Council had not been affected by the Zero Day exploit. The Senior Manager – ICT Delivery explained that cyber security and information security was a high priority for the ICT team and the Council, and he was confident that the embedded processes, the right members of staff and the right skill sets would continue to mitigate any threats.
A discussion took place regarding the joint work of Adult Social Care and Children’s services to identify issues relating to domestic abuse over the course of the COVID-19 pandemic. The Assistant Director for Adult Social Care provided assurance that each of the respective safeguarding boards had worked closely to identify any emerging safeguarding issues for both adults and children. It was AGREED that a collaborative response from Adult’s and Children’s Services be circulated to members.
The Director of Finance (s151 Officer) reflected on the context of the Quarter 3 Corporate Risk report and spoke positively of the Council’s management of the risks presented in Quarter 3.
In response to a question regarding workforce mental health, the Executive Director – Corporate, Customer and Community Services explained the prioritisation by the senior team to demonstrate the importance of mental health interventions. Members heard that the employee support portal was accessible to all members of staff as a part of a growing programme of support. The progress of the detailed interventions described in the report would be reflected in the Quarter 4 corporate risk report and had been driven by engagement with external experts including Hull University to discover what more could be done to support the workforce. It was AGREED that the Workforce Matters presentation from the last meeting of the Scrutiny Management Board be shared with the Audit and Assurance Committee.
Officers were asked to consider the ‘loss of corporate memory’ as a risk ahead of the proposed reform of local governance arrangements to ensure continuity. The Executive Director – Corporate, Customer and Community Services provided assurance that comprehensive risk assessments would be carried out collaboratively with district and borough council partners as part of the Local Government Reorganisation and significant programme of change.
The Chair asked a question regarding information security and the relationship between the CCTV Compliance Statement and the RIPA Regulations. The Executive Director – Corporate, Customer and Community Services explained the RIPA Regulations and the regular review of the RIPA arrangements and AGREED that more information regarding the CCTV Compliance Statement be circulated to the Committee.
RESOLVED that, members noted the updates to Corporate Risks for Quarter 3 2020/21 and agreed that the report provides sufficient assurance that the current Risk Management arrangements are both robust and effective.