Agenda item
OPERATIONAL RISK AND OPPORTUNITY MANAGEMENT - UPDATE REPORT
The Head of Corporate Risk and Insurance will submit the Operational Risk and Opportunity Management update report.
Minutes:
Mike Hocking (Head of Corporate Risk and Insurance) provided the Committee with an update on Operational Risk and Opportunity Management.
Members were advised that –
(a) |
the total number of operational risks reported had decreased from 159 to 140 comprising of three red risks, 67 amber risks and 70 green risks;
|
(b) |
it was considered that one of the reasons for the decrease in the number of risks was due to a risk review within the Chief Executive’s Office;
|
(c) |
the three red risks related to Medium Term Financial Strategy issues, increasing homelessness as a result of the welfare reform changes and the deterioration of the condition of the City’s Highway network; |
(d) |
the Transformation Project was aiming to deliver a significant amount of the 64m budget gap; a workshop was being planned to log the risks to delivery of outcomes; risks to project outcomes would be tracked via project logs and the over-arching risk would be added to the Strategic Risk and Opportunity Register;
|
(e) |
it may be useful for Members to invite the Director responsible for the Transformation Programme to attend a future meeting to outline the governance of the Transformation Project;
|
(f) |
an information security breach occurred in July 2013 involving a caseload listing being sent to the wrong recipient; the ICO (Information Commissioners Office) ruled that the type of data on the caseload listing was not sufficient to initiate their regularity intervention; no monetary penalty notice was imposed;
|
(g) |
the Council took the decision to invite the Information Commissioner to undertake an audit; it was expected that this would happen at the end of January 2014; further information on this matter would be provided to Members in March 2014;
|
(h) |
a mandatory data safe eLearning course had been designed for all council staff with access to a computer; 37% of all computer users had completed the course;
|
(i) |
Devon Audit Partnership undertook an independent review of the Council’s information governance arrangements and sent out questionnaires to a range of staff members to gauge the level of awareness across the organisation; Members would be provided with an update in March 2014. |
In response to questions raised it was reported that –
(j) |
the data safe eLearning course took approximately 30 minutes to one hour to complete; |
(k) |
the Data safe eLearning course was designed for members of staff however officers were in discussions with the Democratic and Members Support Manager to issue something similar for elected members; it was considered that this may be guidance other than a quiz;
|
(l) |
the Head of Corporate Risk and Insurance would provide Members with a refresher on the scoring system for risks;
|
(m) |
since the information security breach in July 2013 the Council had initiated a staff awareness campaign during October 2013; guidance pages were published on the Council’s staffroom web pages;
|
(n) |
the breach was considered to be a human error and sanctions had been undertaken to prevent such information security breaches to happen again. |
Agreed that –
1. |
the Interim Director for Corporate Services is invited to the March 2014 Audit Committee in order to provide Members with an outline of the governance arrangements of the Transformation Project;
|
2. |
the Committee note and endorse the current position with regard to operational risk and opportunity management. |
Supporting documents: