(a)

the total number of operational risks reported had decreased from 159 to 140 comprising of three red risks, 67 amber risks and 70 green risks;

(b)

it was considered that one of the reasons for the decrease in the number of risks was due to a risk review within the Chief Executive’s Office;

(c)

the three red risks related to Medium Term Financial Strategy issues, increasing homelessness as a result of the welfare reform changes and the deterioration of the condition of the City’s Highway network;

(d)

the Transformation Project was aiming to deliver a significant amount of the 64m budget gap; a workshop was being planned to log the risks to delivery of outcomes; risks to project outcomes would be tracked via project logs and the over-arching risk would be added to the Strategic Risk and Opportunity Register;

(e)

it may be useful for Members to invite the Director responsible for the Transformation Programme to attend a future meeting to outline the governance of the Transformation Project;

(f)

an information security breach occurred in July 2013 involving a caseload listing being sent to the wrong recipient; the ICO (Information Commissioners Office) ruled that the type of data on the caseload listing was not sufficient to initiate their regularity intervention; no monetary penalty notice was imposed;

(g)

the Council took the decision to invite the Information Commissioner to undertake an audit; it was expected that this would happen at the end of January 2014; further information on this matter would be provided to Members in March 2014;

(h)

a mandatory data safe eLearning course had been designed for all council staff with access to a computer; 37% of all computer users had completed the course;

(i)

Devon Audit Partnership undertook an independent review of the Council’s information governance arrangements and sent out questionnaires to a range of staff members to gauge the level of awareness across the organisation; Members would be provided with an update in March 2014.

(j)

the data safe eLearning course took approximately 30 minutes to one hour to complete;

(k)

the Data safe eLearning course was designed for members of staff however officers were in discussions with the Democratic and Members Support Manager to issue something similar for elected members; it was considered that this may be guidance other than a quiz;

(l)

the Head of Corporate Risk and Insurance would provide Members with a refresher on the scoring system for risks;

(m)

since the information security breach in July 2013 the Council had initiated a staff awareness campaign during October 2013; guidance pages were published on the Council’s staffroom web pages;

(n)

the breach was considered to be a human error and sanctions had been undertaken to prevent such information security breaches to happen again.

1.

the Interim Director for Corporate Services is invited to the March 2014 Audit Committee in order to provide Members with an outline of the governance arrangements of the Transformation Project;

2.

the Committee note and endorse the current position with regard to operational risk and opportunity management.