10.1 The
Committee considered a report by the Director of Finance,
Performance and Procurement (copy appended to the signed
minutes).
10.2 The
Chairman informed the Committee that Mrs Curry, Executive Director
Children, Adults, Families, Health & Education, would be
attending the next meeting to talk on Corporate Risk
55. The Committee requested that Mrs
Curry also discuss Corporate Risk 56.
10.3 Mr
Pake, Corporate Risk and Business Planning Manager, introduced the
report and explained the new format for the Corporate Risk Register
which included an action plan to help monitor responsibility.
10.4 The Committee made
comments including those that follow.
- Queried the order
of the risk register and if it could be sorted by priority
order. – Mr Pake
explained that this was possible; however he felt it was important
to consider risk proximity as well as the risk score.
- The Committee
requested clarity on the definition of risk proximity and if this
should be recorded in the risk register. – Mr Pake explained that risk
proximity gave consideration to when the impact of a risk would
occur. This was considered during the
risk assessment stage and may influence the priority of a
risk. A high scoring risk may not
impact for some time, whereas a risk with a slightly lower score
could occur sooner. Due to this it may
be necessary to commit resources to mitigate the lower scoring risk
first. Ms Eberhart gave reassurance
that all risks were discussed individually regardless of
score. Ms Eberhart resolved to look
into this query and add clarity to future reports.
- Noted the risks
related to IT and sought clarity on the plans to improve IT and the
costs involved. – Ms
Eberhart reported that this was being considered by the Cabinet
Member for Highways and Infrastructure and that there was a
detailed roadmap for the migration of IT. Mr Mezulis, Chief Information Officer, explained
that the IT strategy included a cloud based approach that would
help with the business change drive.
The ‘Evergreen’ status of this approach would ensure
all applications were kept up to date which would ensure
compliance. Secure email accounts would
be used by default. Mr Mezulis resolved
to share an IT Strategy update with the Committee.
- Queried the
change for Members’ IT. –
Mr Mezulis explained that the IT strategy included a
major upgrade to the Microsoft suite that would be a migration in
the autumn. Members would be included
at an appropriate time to ensure a smooth transition. Options within the strategy included smartphone
and tablet capability. Lifetime
passwords were also being considered, which would require 14
characters.
- Noted the
previous discussion on contract risks and asked if future reports
could include this information. –
Ms Eberhart resolved to add information to future
reports that would highlight key risks.
Mr Hunt added that the new arrangements would have PFSC looking at
these risks.
- Commented that
key contract discussions took place at the negotiation stage and
that scrutiny may be ineffective if the contract was already in
place. – Ms Eberhart
agreed that commissioning was a key area for consideration and that
the TOM would be looking at this. Ms
Eberhart agreed to circulate slides on the TOM to the
Committee.
- Raised concerns
on the security risks for cloud services.
- Welcomed the new
design which would help with risk monitoring.
10.5
Resolved – That the Committee notes the information detailed
in the report, the current Corporate Risk Register and requests
that future reports include highlight information on key contract
risks.