Agenda item

Report by the Director of Finance, Performance and Procurement.

The Committee is asked to review the information detailed in the report, the current Corporate Risk Register and provide comment as necessary.

10.1   The Committee considered a report by the Director of Finance, Performance and Procurement (copy appended to the signed minutes).

10.2   The Chairman informed the Committee that Mrs Curry, Executive Director Children, Adults, Families, Health & Education, would be attending the next meeting to talk on Corporate Risk 55.  The Committee requested that Mrs Curry also discuss Corporate Risk 56.

10.3   Mr Pake, Corporate Risk and Business Planning Manager, introduced the report and explained the new format for the Corporate Risk Register which included an action plan to help monitor responsibility.

10.4   The Committee made comments including those that follow.

• Queried the order of the risk register and if it could be sorted by priority order.  – Mr Pake explained that this was possible; however he felt it was important to consider risk proximity as well as the risk score.
• The Committee requested clarity on the definition of risk proximity and if this should be recorded in the risk register.  – Mr Pake explained that risk proximity gave consideration to when the impact of a risk would occur.  This was considered during the risk assessment stage and may influence the priority of a risk.  A high scoring risk may not impact for some time, whereas a risk with a slightly lower score could occur sooner.  Due to this it may be necessary to commit resources to mitigate the lower scoring risk first.  Ms Eberhart gave reassurance that all risks were discussed individually regardless of score.  Ms Eberhart resolved to look into this query and add clarity to future reports.
• Noted the risks related to IT and sought clarity on the plans to improve IT and the costs involved.  – Ms Eberhart reported that this was being considered by the Cabinet Member for Highways and Infrastructure and that there was a detailed roadmap for the migration of IT.  Mr Mezulis, Chief Information Officer, explained that the IT strategy included a cloud based approach that would help with the business change drive.  The ‘Evergreen’ status of this approach would ensure all applications were kept up to date which would ensure compliance.  Secure email accounts would be used by default.  Mr Mezulis resolved to share an IT Strategy update with the Committee.
• Queried the change for Members’ IT.  – Mr Mezulis explained that the IT strategy included a major upgrade to the Microsoft suite that would be a migration in the autumn.  Members would be included at an appropriate time to ensure a smooth transition.  Options within the strategy included smartphone and tablet capability.  Lifetime passwords were also being considered, which would require 14 characters.
• Noted the previous discussion on contract risks and asked if future reports could include this information.  – Ms Eberhart resolved to add information to future reports that would highlight key risks.  Mr Hunt added that the new arrangements would have PFSC looking at these risks.
• Commented that key contract discussions took place at the negotiation stage and that scrutiny may be ineffective if the contract was already in place.  – Ms Eberhart agreed that commissioning was a key area for consideration and that the TOM would be looking at this.  Ms Eberhart agreed to circulate slides on the TOM to the Committee.
• Raised concerns on the security risks for cloud services.
• Welcomed the new design which would help with risk monitoring.

10.5   Resolved – That the Committee notes the information detailed in the report, the current Corporate Risk Register and requests that future reports include highlight information on key contract risks.