Subject: Strategic Risk Focus Report: SR30, SR25, SR10, SR18 and SR32

Date of Meeting: 25th January 2022

Report of: Executive Director, Governance, People and Resources

Contact Officer: Name: Kat Brett; Tel: 01273 293846

Email: Kat.Brett@brighton-hove.gov.uk

Ward(s) affected: All

 

FOR GENERAL RELEASE

 

1.         PURPOSE OF REPORT AND POLICY CONTEXT

 

1.1         To report to the Audit & Standards Committee on the latest quarterly update to the city council’s Strategic Risk Register (SRR).

 

1.2         The Committee has agreed to focus on specific strategic risks (SRs) at each of its meetings. For this meeting there are five SRs to receive focus and, to enable Members’ questions to be asked, Risk Owners will attend as detailed below:

 

The Chief Executive Officer (CEO) in respect of:

 

SR30 Not fulfilling the expectations of residents, businesses, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment.

 

SR25 Insufficient organisational capacity or resources to deliver all services as before and respond to changing needs and changing circumstances.

 

SR10 Corporate information assets are inadequately controlled and vulnerable to cyber-attack.

 

The Director of Human Resources & Organisational Development (DHROD) in respect of:

 

SR18 The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology.

 

SR32 Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage.

 

2.         RECOMMENDATIONS:    

 

That the Audit & Standards Committee:

 

2.1         Note the SRR detailed within Table 1 of this report.

 

2.2         Note Appendix 1 the CAMMS Risk report with details of the five SRs and actions taken (‘Existing Controls’) and actions planned.

 

2.3         Note Appendix 2 which provides:

 

                      i.        a guide on the risk management process;

                    ii.        guidance on how Members might want to ask questions of Risk Owners, or officers connected to the strategic risks; and

                   iii.        details of opportunities for Members, or officers, to input on Strategic Risks at various points and levels.   

 

2.4         Make recommendations for further action(s) to the relevant council body.

 

3.            CONTEXT/ BACKGROUND INFORMATION

 

3.1         The city council’s SRs are reviewed quarterly by the Executive Leadership Team (ELT) taking on board comments from quarterly risk reviews carried out at Directorate Management Teams. This process ensures the currency of the city council’s SRR.

 

3.2         The Audit & Standards Committee has a role to monitor and form an opinion on the effectiveness of risk management and internal control.

 

3.3         The initial risk score takes account of the existing controls in place to mitigate the risk (current score). The revised risk score assumes that all risk actions are successfully delivered (target score). The ‘likelihood’ (L) score ranges from Almost Impossible (1) to Almost Certain (5) and the ‘impact’ (I) score ranges from Insignificant (1) to Catastrophic (5). These scores are multiplied to give the risk score.

 

3.4         At ELT’s review of the SRR on 17th November 2021, the following amendments to the SRR were agreed:

 

Amendments to risk scores:

 

i)     SR10 Corporate information assets are inadequately controlled and vulnerable to cyber-attack.

Agreed: Change revised/target risk score from L4 ‘Likely’ x I3 ‘Moderate’ to L3 ‘Possible’ x I4 ‘Major’. The target risk score remains at a total of 12 ‘Significant’.

Reason: The mitigating actions aim to reduce the likelihood of a cyber-attack, whereas the impact would still be ‘Major’ so the target risk score has been amended to reflect this, although remains at a total of 12.

 

ii)    SR21 Unable to manage housing pressures and deliver new housing supply.

Agreed: Change revised/target risk score from L3 ‘Possible’ x I3 ‘Moderate’ to L4 ‘Likely’ x I3 ‘Moderate’. The target risk score remains ‘Significant’ but increases from 9 to 12.

Reason: The target risk score should be increased as although the Housing Work Plan will increase homes in the city, it is unlikely to meet the entire need.

 

iii)   SR36 Not taking all actions required to address climate and ecological change and transitioning our city to carbon neutral by 2030.

Agreed: Change current risk score from L5 ‘Certain’ x I4 ‘Major’ to L4 ‘Likely’ x I5 ‘Catastrophic’. The current risk score remains at a total of 20 ‘High’.

Reason: The effectiveness of existing controls is uncertain, so the likelihood is ‘Likely’ and the impact would be ‘Catastrophic’. Mitigating actions should reduce the impact, although this also carries a degree of uncertainty.

 

            Amendments to risk titles:

 

iv)   SR18 The organisation is unable to deliver its functions in a modern, efficient way due to the lack of appropriate technology.

Agreed: Reword risk title to “The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology.”

Reason: There has been significant investment in technology since this risk was initially considered and now there needs to be a focus on continued investment for maintenance, resilience and modernisation and ensuring digital competency to maximise the benefits of technology.

 

v)    SR29 Ineffective contract performance management leads to sub-optimal service outcomes, financial irregularity and losses, and reputational damage.

Agreed: Reword risk title to “Procurement non-compliance and ineffective contract performance management leads to sub-optimal service outcomes, financial irregularity and losses, and reputational damage.”

Reason: This risk needs to focus on procurement compliance to contract standing orders as well as contract performance management.

 

vi)   SR32 Challenges to ensure health & safety measures lead to personal injury, prosecution, financial losses and reputational damage.

Agreed: Reword risk title to “Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage.”

Reason: This is to emphasise the focus on robust & effective measures.

 

            Add, merge and remove risks:

 

vii)  SR13 Not keeping vulnerable adults safe from harm and abuse, SR20 Failure to achieve health and social care outcomes due to organisational and resource pressures on the Clinical Commissioning Group (CCG) and Brighton & Hove City Council (BHCC), SR33 Not providing adequate accommodation and support for people with significant and complex needs.

Agreed: Merge risks into SR13, reword risk title to “Not keeping adults safe from harm and abuse” and focus on key areas: safeguarding arrangements across council, high quality social care practice, provider failure, accommodation for vulnerable homeless and rough sleepers, and services for people with care needs.

Reason: There is an increase in risk in provider failure and there have been changes to the integration with health system partners with the Integrated Care Partnership. This refocus of the risk captures the key areas that are vital to mitigating the risk.

 

viii) SR23 Unable to develop and deliver an effective regeneration and investment strategy for the seafront and ensure effective maintenance of the seafront infrastructure.

Agreed: Remove risk and de-escalate from strategic level to be managed and monitored through the EEC directorate plan.

Reason: The current risk is a combination of two separate risks: “Unable to develop and deliver an effective regeneration and investment strategy for the seafront” and “Unable to ensure effective maintenance of the seafront”. Both can be managed at a directorate level.

 

ix)   No new risks were proposed or agreed.

 


There are now 13 Strategic Risks. The risk heat maps and Table 1, below, show the current 13 Strategic Risks in the highest Revised Risk order, which takes account of future actions to reduce or mitigate the risks.

Table 1

| Risk No. | Risk Title | Initial Risk Score: Likelihood (L) x Impact (I) & Direction of Travel (DOT) | Revised Risk Score: Likelihood (L) x Impact (I) & Direction of Travel (DOT) | Committee(s) | Risk Owner |
|---|---|---|---|---|---|
| SR2 | The Council is not financially sustainable | 5 x 4 ◄► RED | 4 x 4 ◄► RED | Policy & Resources Committee | Chief Finance Officer |
| SR36 | Not taking all actions required to address climate and ecological change and transitioning our city to carbon neutral by 2030 | 4 x 5 ▼▲ RED | 4 x 4 ◄► RED | Environment, Transport & Sustainability Committee | Executive Director, Economy, Environment & Culture |
| SR37 | Not effectively responding to and recovering from COVID-19 in Brighton and Hove including building resilience for future pandemics | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Health & Wellbeing Board and Policy & Resources (Recovery) Sub-Committee | Executive Director, Health & Adult Social Care |
| SR32 | Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Policy & Resources Committee | Director Human Resources & Organisational Development |
| SR18 | The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Policy & Resources Committee | Director Human Resources & Organisational Development |
| SR25 | Insufficient organisational capacity or resources to deliver all services as before and respond to changing needs and changing circumstances | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Policy & Resources Committee | Chief Executive |
| SR13 | Not keeping adults safe from harm and abuse | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Health & Wellbeing Board | Executive Director, Health & Adult Social Care |
| SR15 | Not keeping children safe from harm and abuse | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Children, Young People & Skills Committee | Executive Director Families, Children & Learning |
| SR10 | Corporate information assets are inadequately controlled and vulnerable to cyber attack | 4 x 4 ◄► RED | 3 x 4 ▼▲ AMBER | Policy & Resources Committee | Chief Executive |
| SR21 | Unable to manage housing pressures and deliver new housing supply | 4 x 4 ◄► RED | 4 x 3 ▲► AMBER | Housing Committee | Executive Director, Housing, Neighbourhoods & Communities |
| SR24 | In the context of Covid-19 the needs and demands for services arising from the changing and evolving landscape of welfare reform is not effectively supported by the council | 4 x 3 ◄► AMBER | 3 x 3 ◄► AMBER | Policy & Resources Committee | Chief Finance Officer |
| SR29 | Procurement non-compliance and ineffective contract performance management leads to sub-optimal service outcomes, financial irregularity and losses, and reputational damage | 3 x 4 ◄► AMBER | 3 x 3 ◄► AMBER | Policy & Resources Committee | Chief Finance Officer |
| SR30 | Not fulfilling the expectations of residents, businesses, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment | 3 x 4 ◄► AMBER | 2 x 4 ◄► AMBER | Policy & Resources Committee | Chief Executive |


4.            ANALYSIS & CONSIDERATION OF ANY ALTERNATIVE OPTIONS

 

4.1         Through consultation with ELT the Risk Management process currently in operation was deemed to be the most suitable model.

 

5.            COMMUNITY ENGAGEMENT & CONSULTATION

 

5.1         This is an internal risk reporting process and as such no engagement or consultation has been undertaken in this regard.

 

6.         CONCLUSION

 

6.1         The council must ensure that it manages its risks, meets its responsibilities and delivers its Corporate Plan; risk management is evidence of good governance.

 

7.         FINANCIAL & OTHER IMPLICATIONS:

 

Financial Implications:

 

7.1         For each Strategic Risk there is detail of the actions already in place (‘Existing Controls’) or work to be done as part of business or project plans (‘Risk Actions’) to address the strategic risk. Potentially these may have significant financial implications for the authority either directly or indirectly. The associated financial risks are considered during the Targeted Budget Management process and the development of the Medium Term Financial Strategy.

Finance Officer Consulted: James Hengeveld    Date: 23/12/2021

 

Legal Implications:

 

7.2       All the Strategic Risks which are reported to the Audit & Standards Committee may potentially have legal implications. Members are referred to Appendix 1 of this Report for a detailed description of the Strategic Risks being focused on in this Committee cycle: a description which normally makes reference to any legal implications of a direct nature.

 

7.3       The Council has delegated to its Audit & Standards Committee its powers and duties in relation to risk management. As a result this Committee is the correct body for considering this Report.

                                                                   

Lawyer Consulted: Victoria Simpson    Date: 09/12/2021

 

 

            Equalities Implications:

 

7.4         Risk Owners are requested to ensure that equalities implications are considered in describing strategic risks, their potential consequences and when developing mitigating actions and the Equalities Team are asked to review the strategic risks. This will continue to be part of regular ELT & DMT risk review sessions.

 

7.5         SR25 has a key focus on equalities through the Our People Promise strategy, specifically through the Fair and Inclusive Action Plan and the Corporate and Directorate Equalities Delivery Groups.

 

            Sustainability Implications:

 

7.6         Risk owners are requested to consider sustainability implications, and this will continue to be part of regular ELT & DMT risk review sessions. SR36 has a key focus on sustainability through the Carbon Neutral modernisation Programme and any sustainability implications of a direct nature are normally referenced within the risk.

 

Any Other Significant Implications:

 

7.7       None

 

 

SUPPORTING DOCUMENTATION

 

Appendices:

 

1.            Appendix 1: CAMMS Risk report SR30, SR25, SR10, SR18 and SR32.

 

2.            Appendix 2: A guide on the risk management process and how Members might want to ask questions of Risk Owners in relation to Strategic Risks.

 

 

Background Documents

 

1.         None.

 

 


 


APPENDIX 1: CAMMS Risk Report for SR30, SR25, SR10, SR18 and SR32

 

 

 

| Risk Code | Risk | Responsible Officer | Last Reviewed | Issue Type | Risk Treatment | Current Rating | Target Rating | Eff. of Control |
|---|---|---|---|---|---|---|---|---|
| SR30 | Not fulfilling the expectations of residents, businesses, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment | Chief Executive | 17/11/21 | Threat | Treat | L3 x I4 | L2 x I4 | Revised: Adequate |

 

Causes

Link to Corporate Plan 2020-23. 7 Council Attributes ‘Working in Partnership', actions 7.7

Fulfilling the expectations of business, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment. Whilst the council has already established effective partnership arrangements to benefit the city, such as Brighton & Hove Connected (http://www.bhconnected.org.uk/), the City Management Board (CMB; find out more via http://www.bhconnected.org.uk/content/city-management-board), the Greater Brighton Economic Board (GBEB; find out more via https://greaterbrighton.com/about-us/introducing-the-economic-board/) and wider city regional based leadership, if it does not 'step up to the mark' and embrace its role for Place Based Leadership the council may be perceived as less relevant to business, the wider community and others due to factors such as:
1. Brexit's implications & opportunities for the city's economy resulting from the UK exiting the EU given the current trade profile where 45% of Brighton & Hove's trade is with the EU and 79% of this service is service exports. Brighton & Hove is the 9th largest city in the UK for the value of service exports per job (source: Centre for Cities, How do cities trade with the World? April 2019)
2. Other economic uncertainties include the changing shape of retail and the high cost of housing affecting recruitment and retention of workforce across all economic sectors
3. Reduced council expenditure and changes to the traditional municipal model

Potential Consequence(s)

* Our civic institutions are unable to provide effective leadership to the city 
* Adverse impact of economic uncertainty and social change on wellbeing, community cohesion and opportunities for citizens so that City Wealth reduces
* Business cannot grow
* Inequality grows
* Fragmentation of communities
* Fragmentation of framework for public service institutions
* Uncertainty over long term funding and rising health and social care demands makes delivery of public services very challenging
* Lost opportunity to position the city as a positive place to attract businesses and employees who will benefit city growth
* Reputation of council suffers as civic leadership role in the city
* Citizens and businesses have less confidence in engaging with the council

Existing Controls

First line of defence: Management Controls
1. Partnership structures, including City Management Board, Greater Brighton Economic Board, Thematic partnerships to further develop shared community leadership of the city.
2. City Management Board are not decision making but they are important influencers and it is an effective way of putting strategic issues on the radar of public authorities.
3. Brighton & Hove Connected (link as above), a network of community & voluntary organisations and businesses in the city, works in an effective way to engage communities on issues of interest.
4. Corporate governance and processes to manage existing council business, eg Performance Management Framework.
5. Fair and Inclusive Action Plan and Directorate equality plans

Second Line of Defence: Corporate Oversight
1. Full Council
2. Policy & Resources (PR) Committee has oversight of key budget and policy decisions and all reports have financial, legal and community impact assessments.
3. Health & Wellbeing Board have similar assurance functions as the PR Committee.

4. Local Government Association ad-hoc guidance and peer review
5. Corporate Modernisation Delivery Board and the Executive Leadership Team (ELT) oversee the application of the Performance Management Framework.
6. Policy Chairs Board oversight of issues of policy.
7. Corporate Equality Delivery Group
8. Tourism, Equality, Communities and Culture committee
9. Equality and Inclusion Partnership.
10. Sussex Resilience Forum
11. Community Safety Board
12. Safeguarding Adults Board and Safeguarding Children's Board

13. Two Independent Persons on the Audit & Standards Committee.
14. Audit & Standards Committee reviewed this risk in January 2020 and January 2021.

Third Line of Defence: Independent Assurance
1. HM Government
2. External Audit reviews of financial position of the city council - June 2019.
3. Inspectorate reports e.g. Ofsted 2018 - Children's Services - Good Judgement; and Ofsted focused visit in February 2020 looking at services to children in need and child protection plans resulted in positive comment.

4. LGA peer review Equality Framework for Local Government.
5. Investigatory Powers Commissioner – reviewed the use of investigatory powers (2018)
6. Internal Audit
*    2021/22: Major Capital Projects - Brighton Centre/ Black Rock (Reasonable Assurance)
*    2019/20: Brighton Centre (Reasonable Assurance)
*    2018/19: Royal Pavilion and Museums (Partial Assurance), Seafront Investment Strategy (Reasonable Assurance)

 

Risk Action: Communicate the council's activity to enable the city's strong prospects as a healthy place to live, work and do business, able to withstand challenges and grasp future opportunities
Responsible Officer: Head of Communications
Progress %: 60
Due Date: 31/03/23
Start Date: 10/01/19
End Date: 31/03/23

 

 

Comments: A huge amount of communications work continues to support the city to keep Covid rates low; through amplification of NHS information and messaging around vaccinations for both Covid and flu. Our targeted social media campaign ‘Is it a cold or is it Covid’ has had very high levels of engagement and we are looking to roll this out across other communications channels over the winter. A new campaign ‘Be Kind, Think of Others’ focusing on continued mask wearing, hand washing, social distancing, ventilation etc is in the early concept stages.

The administration has now agreed their communications priorities until April 2023, which are set out below:

Gold campaigns
• Climate change - seizing the momentum of COP26: and being able to champion the Carbon Neutral Plan and achievements. Greening projects ie rewilding – getting the city on board – a campaign to encourage engagement in and about our environment.
• Public Health – we need to amplify the focus on this after Covid. Recovery - including jobs and economy – is linked, and we need to be able to tell the city that we are keen to focus on our health and wellbeing – as this will help us manage any future pandemics or the ongoing fallout of this one.

Silver campaigns
• Recycling / refuse campaigns: fly tipping, fly posting, environmental enforcement, clean ups, tidy ups, what you can and can’t recycle – is an endless issue so needs a continuous focus and proactive comms, not always reactive – so good campaign material.
• Anti-racism and equalities work: our focus on delivering positive change for vulnerable or excluded communities in the city: highlighting this and spreading positive inclusion messages whenever we can. We want to become a more inclusive and caring city.


Bronze campaigns
• Housing: our achievements in council housing; less of a campaign and more of an important focus to highlight our work.
• Youth: opportunities and different ways to engage young people. Digital is key.
• Overarching proactive messaging
Consultation and engagement & digital – driving through work that strikes the tone of a caring, friendly city that wants to understand resident concerns and work proactively to resolve them, and that reaches people through different mediums and in the way that is right for them / using the platforms they use.

The key actions which will underpin the communications campaigns over the next two years are as follows:

Gold
Climate change / A Sustainable City  
• Supporting the city’s Climate Assembly action plan and creating a £1m Carbon Reduction Reserve to provide for and advance initiatives to support the aim of a carbon neutral city by 2030, improving the sustainability and biodiversity of the city as well as the health and well-being of its residents through promoting active travel, investing in green spaces and tree planting, and improving air quality, for example, through the School Streets and Low Traffic Neighbourhood initiatives 
• Creation of a Climate Assembly Action Capital Investment Fund 
• Expansion of the Sustainable Carbon Reduction Initiative Fund (SCRIF) financing budget to lever in additional capital investment for carbon reduction schemes 
• Expansion of the warmer homes initiative (including district heating plans) through provision of an additional financing budget to lever in capital investment, increasing the total programme to £5.2m 
• Provision for a Hydrogen feasibility study 
• Addition of a Rewilding Officer post to manage and enhance biodiversity
• Feasibility study for a seafront sustainable transport corridor 
• Proactive measures are being taken to improve emissions of buses and taxis. Officers have been asked to consider an expansion of a low or zero emission zone that might limit some vehicle types. 
• We will be working with Greater Brighton and city partners to develop a strong, prosperous, and sustainable economy; through the Carbon Neutral 2030 Programme, the Circular Economy framework and the Living Coast Biosphere through a growing Sustainability Team. 
• We will work in partnership with key stakeholders to develop a new Local Transport Plan and a Local Cycling and Walking Infrastructure Plan that supports sustainable travel, to contribute towards the city becoming carbon neutral by 2030. 
• We plan to develop a new City Downland Estate Plan to make best use of our unique landscape and contribute to the carbon neutral agenda creating emission reduction savings, promoting different uses including local food production and exploring a possible solar farm to create a self-sufficient renewable energy supply. 

Public Health and Covid recovery / A Healthy and Caring City  
• Further develop the Health & Wellbeing Board as an integral part of the local health & care system, delivering the goals of the city Joint Health & Wellbeing Strategy.
• Continue to protect our residents through our Covid-19 Local Outbreak Plan response, including supporting care settings and promoting Covid and Flu vaccination uptake (especially among our most vulnerable residents)
• Actively work with local NHS organisations to support their Restoration & Recovery plans to make sure they address the needs of the most vulnerable people in the city
• Recognize and support unpaid carers in the city, including developing more respite provision.
• A Modernisation Programme for Health and Adult Social Care to deliver better lives and stronger communities.  
• Implementation of the Joint Health and Wellbeing Strategy, supporting an increase in healthy life expectancy and a reduction of health inequalities. 
• Promote a City Equalities Standard together with our partners to promote fair employment practice to tackle the under representation of people from BAME communities and disabled people.    
• We are working collaboratively with the DWP to launch a youth hub in the city – specifically aimed at supporting young people into employment. This group of our residents has been particularly impacted by the pandemic and consequent loss of work  
• Our Employment and Skills team has been working on an updated Employment and Skills Plan for the city – designed to be effective and flexible as we enter a period of post-Covid recovery. 
• Community Wealth Building. Creation of a self-financing ‘revolving door fund’ for Community Wealth Building via an on-lending pilot (set-up costs) / Investment in Community Wealth Building to promote ethical employment practices and ensure the use of the city’s public sector spending power to procure goods and services locally for the benefit of our communities. 

Silver
Recycling / refuse campaigns / A sustainable city
• We will increase the range of materials that can be recycled in the city, improve the quality of kerbside and extend on street recycling.   
• The City Environment Modernisation Programme is developing a sustainable future for the service in the context of reducing council budgets, increases in customer demand and an expanding service offer. Activities within the Programme will have an impact on the percentage of waste landfilled. Many projects within the Modernisation Programme will have an impact on the percentage of waste sent for reuse, recycling and composting
• The Managing Waste Responsibly Project is improving how the council communicates with and educates the city on recycling. Through collaboration with stakeholders, activities and resources will be designed to improve the city’s recycling rates. Residents will be encouraged to reduce, reuse or recycle before disposing of waste.
• We plan to introduce new food waste collection rounds
• We will replace our communal bin system with a new system that encourages more recycling and reduces the risk of contamination
• We will work with community groups to develop options for a new reuse centre in the city
• Information campaign on fly tipping, fly posting, environmental enforcement, clean ups, tidy ups, what you can and can’t recycle.
Anti-racism and equalities / A Stronger City
• We aim to achieve re-accreditation as a City of Sanctuary
• We will create and deliver a new Inclusive Cities Action Plan
• We will develop an Accessible City Strategy
• We will fund a Community Banking Partnership to tackle financial exclusion
• We plan to secure funding to deliver a Black, Asian and Minority Ethnic Civic Leadership Programme
• We will deliver the Council’s new tenant and leasehold engagement strategy
• We will support the delivery of a new LGBTQ+ Community Hub – the Ledward Centre
• We will invest in an independent support service for people who have experienced racially and religiously motivated hate crime
• We will implement third party reporting centres for hate incidents and crimes, as an action set out in the Community Safety Strategy
• We will work proactively, and in partnership, to meet our duties under the new Domestic Abuse Act

Bronze
Housing / A City to Call Home 
• Focus on improving homeless prevention and reconnection to reduce overall numbers and the length of stay for households in Temporary Accommodation (TA).  
• An ‘end to end’ review of our temporary accommodation (TA) services through a TA Improvement Programme. The programme will include a review of income collection, voids turnaround, procurement, management of lettings etc, as well as work to increase the number of Council-owned TA units. 
• We will review how the Council can better support rough sleepers reflecting the aims of the Homelessness and Rough Sleeping strategy, learning from the COVID-19 emergency housing programme and consequent budget pressures. 
• Investment in Housing needs services to improve homelessness prevention, manage the TA service, identify move on accommodation and speed up moves within the housing stock to improve the customer journey and save money through more efficient use of the TA and permanent housing stock. 
Investment in housing systems and processes to streamline and automate manual processes will also produce savings in future. Some of the changes required will be identified through the TA improvement programme.     

Youth / A Growing and Learning City
• Explore, with partners, investing in a Central Youth Hub that will provide city wide services to young people.
• Agree an action plan with Youth Council members that will improve visibility, ensure young people lead on prioritising, planning, and implementing projects, as well as organising and chairing meetings with support from Council Officers
• Agree a clear process for measuring success regarding sexual health and mental health services delivered by youth services across the city, as well as how accessible they are for those young people with protected characteristics
• The youth employment hub and Employability Service will continue to engage with council teams and organisations supporting young people to ensure that they can access services and support that enable them to achieve personal and career outcomes.

 

 

Risk Action: Continue effective collaboration with health & social care within the city
Responsible Officer: Executive Director Health and Adult Social Care
Progress %: 70
Due Date: 31/03/22
Start Date: 14/02/17
End Date: 31/03/22

 

 

Comments: The Integrated Care System for Sussex will become a statutory function from April 2022 and Brighton and Hove City Council will be a formal partner in its ongoing development and the delivery of health and care services to our whole population. Within the new ICS there will be a place-based governance structure for Brighton and Hove, and the principle of subsidiarity will apply, where design and delivery of services will focus from neighbourhoods upwards depending on the optimal model of care to meet patient/service user outcomes. Further guidance is anticipated from national government, with a white paper imminent on integration which will be considered with the white paper on Adult Social Care ‘People at the Heart of Care’, which was published in early December 2021.

 

 

Convening partners to have a joined up understanding of city wide problems and to agree joint approaches to solve them

Head of Policy, Partnerships & Scrutiny

25

31/03/24

18/11/21

31/03/24

 

 

Comments: Ensuring the democratic mandate of BHCC is clear to partners across the city is vital to this risk to help ensure we have political / community leadership demonstrated within our partnership structures. This will be further developed in Q1 2022. Work with partners in areas such as rough sleeping, infection control, and supporting businesses to access government funding has emerged from responding to and recovering from Covid-19.

 

 

Develop a strong lobbying strategy to effectively influence government

Head of Policy, Partnerships & Scrutiny

75

31/03/23

07/01/20

31/03/23

 

 

Comments: Policy, Partnerships and Scrutiny (PPS) coordinated the material and presentation of the Brighton & Hove City Council submission to Ministry of Housing, Communities & Local Government (MHCLG) All-Party Parliamentary Group (APPG) enquiry into the local authority role in achieving Net Zero. The report is now published by the House of Commons.

 

Develop and maintain the city's physical assets to meet future challenges, including climate change

Executive Director Economy, Environment & Culture

75

31/03/22

14/02/17

31/03/22

 

 

Comments: Strategic Delivery Board is overseeing the City's Investment Programme of regeneration and infrastructure projects.
- Greater Brighton Economic Board agreed Digital Infrastructure Plan - October 2019
- Greater Brighton Economic Board supporting Coast to Capital LEP with development of their Local Industrial Strategy.
- Greater Brighton Economic Board has established an Infrastructure Panel that is overseeing the delivery of Energy and Water Plans for Greater Brighton. Energy and Water Plans were approved July 2020.
- Greater Brighton Economic Board considering an investment pipeline of infrastructure projects to support economy recovery following Covid-19 public health crisis.
- Cross party working groups for major regeneration projects have recommenced from July 2020 following pause during Covid-19 public health crisis 
- New City Downland Estate Plan under development, by March 2022.   
Steps have included:  
- Continuing to progress investment programme and project pipeline to deliver major regeneration projects and investment in infrastructure  
- Greater Brighton Economic Board agreed a Covid-19 Economic Recovery Plan in October 2020
- Progress updates on Covid-19 Recovery Plan and presenting to the Greater Brighton Economic Board (January 2021 and April 2021) 
- Cultural economy recovery plan agreed November 2020 
- Visitor economy recovery plan agreed by TECC committee - June 2021
- An update on the Greater Brighton economy and the impact of the covid-19 pandemic was commissioned and presented to Greater Brighton Economic Board – October 21

 

 

Development & Delivery of an Inclusive Cities Action Plan

Head of Communities, Equalities & Third Sector

75

31/03/23

12/02/20

31/03/23

 

 

Comments: Previously there was a Collaboration Framework. Focus has shifted to developing a 3-year Inclusive Cities Action Plan as part of the council’s participation in the national Inclusive Cities Programme and as its corporate commitment to being a City of Sanctuary and an anti-racist council ensuring equality of opportunity and access to services for all and the assets they are to the city. This was agreed with members and partners in late 2019. Development of the Inclusive Cities Action Plan was delayed in 2020 due to the pandemic. The Programme coordinators - COMPAS – the Centre on Migration Policy and Society within University of Oxford called a meeting with BHCC in September 2020 to update on the restart of the programme. The council’s Lead Member for Equality and lead officer working on Inclusive Cities continue to attend the virtual Inclusive Cities programme meetings - November 2020, January 2021, May 2021 and as required by the national programme. COMPAS has encouraged BHCC to complete its action plan by the end of the calendar year 2021. The Brighton & Hove taskforce met in January and April 2021 and an initial action plan has been developed. Further work on the action plan, including consultation on the draft, has been paused as staff resources have been directed to the urgent resettlement of Afghan evacuees on the government's resettlement programmes. Work on the Inclusive Cities action plan is expected to restart in January 2022 when dedicated staff, funded through the government programmes, to deliver the Afghan resettlement scheme have been recruited.

 

 

Ensure the council’s Budget Strategy clearly communicates policy priorities, funding and resourcing and aligns with statutory agencies and other key institutions to better manage the risk

Chief Finance Officer

50

31/03/22

07/01/20

31/03/22

 

 

Comments: The Corporate Plan (A Fairer and Sustainable City) was approved in February 2020. The 2021/22 budget includes investments linked to each of the Corporate Plan priorities. This includes recurrent, one-off and capital investments.  Future Corporate Plan commitments, including Carbon Net Zero, are built into the Capital Investment Programme, where known, and revenue investment of £1m pa is currently assumed in the Medium Term Financial Strategy. The annual budget will categorise all investments against Corporate Plan priorities to ensure clear understanding of how the council’s budget and capital programme will support agreed priorities.

 

 

Forming and sustaining strategic partnerships

Head of Policy, Partnerships & Scrutiny

25

31/03/24

18/11/21

31/03/24

 

 

Comments: We have established partnerships across the city and sub-region, but these have been impacted by the pandemic and the lack of opportunity to convene in-person meetings. Some partnerships have been maintained via virtual meetings, but there is increasing need to adapt our practice to take account of these developments. We presented to City Management Board recently and agreed to take work further, though this could be impacted by the White Paper on Levelling Up and Devolution, possibly requiring new arrangements and focus in local areas.

 

 

Full and active member of the Local Resilience Forum

Head of Safer Communities

75

31/03/23

01/04/20

31/03/23

 

 

Comments: BHCC are active members of the local Sussex Resilience Forum. Officers from the Emergency Planning and Resilience team attend the working groups and senior managers attend the executive group on a regular basis. A clear action plan has been developed setting out priority work for the group to undertake, such as ensuring that emergency plans for each local authority are fit for purpose and that learning and development can be rolled out to ensure that staff are aware of their roles and responsibilities going forward. Several workstreams have been developed, including death management, weather and environment, events, communications and community resilience. The Sussex Resilience Forum links to local health resilience partnership and the Sussex health responders.

 

 

Programme to enhance the council's role to support the city economy and promote business

Executive Director Economy, Environment & Culture

95

31/03/22

14/02/17

31/03/22

 

 

Comments: The EEC directorate reports Major Projects updates to Strategic Delivery Board.    
- Government Business Grants and Discretionary Grants delivered to business that are impacted by Covid-19 
- Greater Brighton Economic Board have commissioned an economic impact assessment of Covid-19 
- City Recovery Programme Governance Structure established with an events and Economy Working Group focused upon supporting local business and economic recovery    

Steps Include:  
- Covid-19 Economic Recovery Plan developed and presented to Greater Brighton Economic Board – October 2020 
- Covid-19 City Recovery Plan to be developed and presented to P&R Recovery Sub Committee   
- Arts & Culture sector recovery plan developed with sector partners and presented to TECC Committee January 2021  
- Employment & Skills Recovery Plan to be presented to P&R Sub-Committee in March 2021 
- Cultural economy recovery plan agreed November 2020 
- Visitor economy recovery plan agreed by TECC committee June 2021
- Kingsway to the Sea investment plan allocated £9.5m by government in November Spending review
- An update on the Greater Brighton economy and the impact of the covid-19 pandemic was commissioned and presented to Greater Brighton Economic Board – October 21

 

 

Risk Code

Risk

Responsible Officer

Last Reviewed

Issue Type

Risk Treatment

Current Rating

Target Rating

Eff. of Control

SR25

Insufficient organisational capacity or resources to deliver all services as before and respond to changing needs and changing circumstances

Chief Executive

17/11/21

Threat

Treat

 

 

 

 

 

L4 x I4

 

 

 

 

 

 

 

 

L3 x I4

 

 

 

Revised: Uncertain

 

Causes

Link to Corporate Plan 2020-23. Attributes 7 'How will the plan be delivered' actions to achieve 'A well run council', action 7.2.

The capacity required to deliver services is impacted by a number of internal and external factors which include:
• Budget pressures caused by reductions in Local Government funding and the Covid-19 pandemic;
• Increasing demand for services across health and adult social care;
• The non-defined timescale of managing the pandemic response and recovery alongside business as usual;
• The impacts and uncertainty of Brexit, including potential impacts on resourcing;
• A complex political environment of no overall control;
• A challenging industrial relations environment.
These affect our ability to manage the resilience of our organisation which is exacerbated by the reduction in staffing over the last decade, including a reduction in leadership capacity in the top four tiers of the organisation.

Potential Consequence(s)

1. Failure to deliver required changes in the organisation
2. Lack of engagement from trade unions and/or complex employee relations issues
3. Capacity to undertake change work to design high quality services, and to redesign services in line with reduced resource is lost
4. Difficulty of retaining the right staff with the right skills to key posts
5. Council delivery alters and working methods change permanently due to Covid-19 and new technology
6. Negative impact on fulfilment of actions to improve equalities and other statutory duties
7. Partnership working becomes more fragile as a result of changed arrangements after Covid-19
8. Personal resilience tested by increased workloads, different ways of working and less certainty leading to potential stress and sickness
9. Less ability to be agile and flex to the organisation’s needs, drive high quality services and increased performance
10. Less resilience as an organisation.

Existing Controls

First Line of Defence: Management Controls
1. Decision making through the budget process includes effective consideration of resources to deliver on priorities
2. Support from Performance, Improvement and Performance (PIP) and other support services to support the modernisation programme
3. Management capacity and capability being enhanced by Leadership Performance Management processes and Development Programme, and support delivered via the Leadership Network.
4. Staff Survey data is analysed and priority actions agreed with key stakeholders, with plans in place to manage these.
5. Human Resources & Organisational Development (HROD) activity has been pulled together into single 'Our People Promise' to maximise resource efficiencies and ensure there is an attractive and competitive employment offer to attract and retain the right staff with the right skills.
6. Business Planning process including Directorate Plans to identify key priorities with named responsible officers, and plans kept under review to manage capacity.

7. Budget process includes capacity as a key consideration
8. Some statutory Performance Indicators (PIs) are Key PIs and are reported regularly to ELT, quarterly or annually.
9. HR Business Partners support Directorate Management Teams (DMTs) to monitor people related data including staff absence, compliance with people related processes such as 121s and return to work interviews, and wider data insight to indicate where there are issues of capacity.
10. A robust wellbeing offer is in place, designed to address all wellbeing needs, and also specific needs related to Covid-19.
11. There is a dedicated role for Trade Unions Relations
12. Future Ways of Working Programme Board oversees the delivery of the Future Ways of Working Programme
13. Our People Promise Board oversees the delivery of Our People Promise strategy

Second Line of Defence: Corporate Oversight
1. Executive Leadership Team (ELT) lead delivery of governance arrangements and oversee Gateway process for requests for new resources.
2. Corporate Delivery Modernisation Board (CMDB) and Directorate Modernisation Boards have oversight of a portfolio of modernisation projects and programmes enabling increased organisational capacity such as ICT infrastructure, Business Improvement, Workstyles, People and Culture Change, including the Future Ways of Working, Our People Promise and Fair and Inclusive Workplace programmes.
3. Constitutional Working Group input to streamline governance arrangements and structure
4. ELT and City Management Board exchange details of working arrangements and changes to key personnel across organisations.
5. Members Policy Chairs Board and Policy & Resources Committee have oversight of key policy priorities.
6. Corporate Equalities Delivery Group oversee the delivery of the Fair & Inclusive Action Plan and Directorate Equalities Delivery Groups

7. Reviewed by A&S Committee in March 2021, July 2019.


Third Line of Defence: Independent Assurance
1. Local Government Peer Review 2017 focused on Leadership and Industrial Relations.
2. Internal Audit
*    2021/22: Performance Review Compliance - PDPs and 1 to 1s (Partial Assurance), Agency Staff Contract (Reasonable Assurance)
*    2020/21: Recruitment (Reasonable Assurance), Working Time Directive (Partial Assurance)
*    2018/19: Personal Service Companies and Use of Consultants (Reasonable Assurance), Wellbeing Project (Substantial Assurance)

Reason for Uncertainty in Effectiveness of Controls: Decisions on priorities and resource could impact on the capacity of officers to deliver on all priorities identified, whilst maintaining services.

 

Risk Action

Responsible Officer

Progress %

Due Date

Start Date

End Date

 

Deliver the Fair and Inclusive Action Plan

Director of Human Resources & Organisational Development

65

31/03/23

01/04/19

31/03/23

 

 

Comments: Modernisation funds have been secured to continue to progress this work through to March 2023 as part of the wider Our People Promise programme. The Fair and Inclusive Action Plan (FIAP) has four workstreams: Accountability & Consequences; Learning & Development; Recruitment, Retention and Progression; and Communities and Services. Priority actions to achieve the successful recruitment and retention of staff at all levels from communities not currently proportionately represented within the workforce include delivery of insight programmes, inclusive recruitment training for managers and a review of our Recruitment & Selection Policy. This work will address disproportionate outcomes of the recruitment process, such as BME applicants being less likely to be shortlisted or employed in the middle and upper pay bands. A range of coaching and training is also being offered to increase development opportunities for staff under-represented in the middle and upper pay bands, as well as the new Diverse Talent programme being launched in January 2022 for BME staff employed at grades 3-6. Actions to improve the experience of disabled staff as reported in the Staff Survey 2021 include improving the workplace adjustments process, providing disability awareness training across the organisation, ensuring opportunities for development and implementation of an IT&D Accessibility project. Measures of success: Deliver specified and non-cashable benefits for the project/programme (March 2022). 5% improvement in staff survey results against ‘The organisation feels like a fair and inclusive place to work’ (Staff Survey – May 2021, to be measured in survey May 2023).

The work continues to be developed and implemented and progressed in collaboration with our workers fora and trade unions.  It is reported and tracked through the People and Culture Change Board which is chaired by the Assistant Director HROD, as well as oversight from the Corporate Equality Delivery Group, chaired by the Chief Executive.

 

 

Deliver the Future Ways of Working Programme, which includes new use of technologies and accommodation

Director of Human Resources & Organisational Development

50

31/10/22

01/11/21

31/10/22

 

 

Comments: The Focus Group engagement has built upon the significant amount of initial work that has taken place to consider future ways of working during Covid-19 and continues to be developed in partnership with staff representatives and worker forums. This is to ensure we take advantage of new ways of working established during Covid-19 and maximise potential efficiencies in how we use resources by building an employment offer that:
1. delivers to our customer,
2. supports staff wellbeing,
3. is inclusive and accessible,
4. makes us an employer of choice
5. considers our carbon footprint and
6. supports our members
New ways of working continue to be designed to inform improvements for the Customer Experience programme and the more efficient use of resources, taking the opportunities to embed digital and sustainable recovery. Continuing deployment of new technologies, and in particular tools to support collaboration and flexible working (such as the roll-out of Microsoft 365 and applications), will support staff to have more choice and flexibility in where and the way they work. This is aligned with the Our People Promise programme (a great place to work) and increases how productively time can be spent (less travel and improved information management).
Our planned and phased reintroduction to offices from September has gone well, supported by a range of tools, training and assistance for staff and managers and informed by the Focus Groups. A Collaboration Space Pilot will be launched in early January 2022 to test different office set-ups, with further exploration and piloting leading to a full business case on the future Accommodation Strategy during 2022.

 

Deliver the Our People Promise Strategy

Director of Human Resources & Organisational Development

75

31/03/23

01/04/19

31/03/23

 

 

Comments: The Our People Promise (OPP) Strategy provides the following commitments:

- We promise to support your wellbeing at work
- We promise that we will be a fair & inclusive place to work
- We promise you opportunities to do your best
- We promise to say “well done”, recognise and reward you for great work
- We promise you a good place to work so we can do the best for our city

These commitments were developed through the feedback staff gave in the 2017 staff survey, and participation by staff from all directorates in a 2018 Think BIG (business improvement group) session. Initiatives and actions delivered through these promises have led to improvements in the 2021 staff survey results.

The Our People Promise (OPP) Strategy is being further developed to provide an updated strategy and programme plan to maximise resource efficiencies and to ensure there is an attractive and competitive employment offer to attract and retain the right staff with the right skills. Following the 2021 staff survey the OPP actions are being refreshed to ensure current issues and risks are being mitigated. A draft plan will be considered by the OPP board in December 2021, followed by internal stakeholder input from January-March 2022. A programme plan and strategy document will be produced for 2022/2023.

 

 

 

Risk Code

Risk

Responsible Officer

Last Reviewed

Issue Type

Risk Treatment

Current Rating

Target Rating

Eff. of Control

SR10

Corporate information assets are inadequately controlled and vulnerable to cyber-attack

Chief Executive

17/11/21

Threat

Treat

 

 

 

 

 

L4 x I4

 

 

 

 

 

 

 

 

L3 x I4

 

 

 

Revised: Uncertain

Causes

BHCC is highly dependent on its digital information asset (more than 300 business systems containing tens of millions of records and more than 20 million inbound and outbound emails a year).
This asset is vulnerable to cyber-attack from several threat actors including employees, cyber criminals, hackers and to some extent foreign states.
In addition to an intentional cyber-attack, the sensitive information (personal citizen information or corporate sensitive information) is vulnerable to accidental loss or accidental publication.
The growing volume of digital information (compounded by the tendency to over retain information), the pervasiveness of digital technologies and sophistication of cyber threat requires a constantly evolving approach to cyber security, Information Governance (IG) and Information Management to combat this threat.
The ways of working adopted during the current Covid-19 (C-19) pandemic heighten this risk and would make recovery more challenging.

This risk is linked to the Corporate Plan Outcome: ' A well run city: Keeping the city safe, clean, moving and connected'.

 

Potential Consequence(s)

• A successful large-scale cyber-attack could halt the entire operation of the organisation. A successful medium scale cyber-attack would severely disrupt services by preventing access to information, payments and/or communication. This would have a tangible impact on citizens' lives and greatly increase the potential for physical harm and even death due to the impact on service delivery.
• A successful medium scale cyber-attack would have serious financial impact. The cost of recovery and repair (and potentially imposed penalties) is likely to exceed £10million
• Any loss of data (either through attack or accident) is likely to damage the council’s reputation with the public who entrust us with their information
• The Public Services Network (PSN) & Health & Social Care Information Centre (HSCIC) could impose operational sanctions which would be catastrophic for many services.

 

Existing Controls

First Line of Defence: Management Action
Prevention - Technical Controls
• Corporate firewall to monitor and control incoming and outgoing network traffic.
• Hard drive protection to prevent access to information on lost or stolen devices.
• Password policy in line with NCSC (National Cyber Security Centre) advice.
• Hosting in a tier three, ISO 27001 Certified datacentre.
• Secure e-mail (using NCSC Mail Check to maintain DMARC, SPF, DKIM and TLS configurations).
• Patching regime in place across entire estate.
• Annual health checks and penetration tests.
• Membership of South East WARP (Warning, Advice and Reporting Point, organised by the National Cyber Security Centre), providing up-to-date advice on information security threats, incidents and solutions.
• IT&D incident management process integrating data breach and cyber security incidents.
• Procurement of all new and changed applications is subject to review against IS and IG standards.

Prevention – Behavioural Controls
• The council's Behaviour Framework applies to all staff and includes under 'Behaving Professionally' the text “I handle confidential matters and information discreetly and within set guidelines (e.g. Data Protection, data sharing protocols)”.
• Online IG training is published on the learning gateway and cyber-security sessions delivered by the local police cyber-crime unit have been made available to all staff.
• A variety of guidance materials (including guidance on strong password creation, phishing and working from home safely during c-19) are published on the Wave.
• Privacy impact assessments (PIAs) are conducted for all new business processes and systems involving personal information.

Recovery Controls
• Documented major incident process in place.
• Basic recovery procedures documented for major systems.
• Full backups of business data for all internally hosted applications.
• Shared Orbis expertise - 5 CISSP (Certified Information Systems Security Professional) qualified staff working in the partnership.
• Managed relationship with ICO (Information Commissioner's Office).


Second Line of Defence: Corporate Oversight
• A suite of Information Governance Policies are regularly reviewed and approved by IGB.
• An information risk register is regularly reviewed by Information Governance Board (IGB) and the Senior Information Risk Owner (SIRO).
• The Senior Information Risk Owner (SIRO) is briefed monthly on areas of risk.
• The Information Governance Board (“IGB”) oversees and provides leadership on Information Risk Management and obligations arising from legislation such as the Data Protection Act (DPA) 1998 & Freedom of Information (FOI) Act 1998.
• The Caldicott Guardians (Executive Directors Families, Children & Learning; and Health & Social Care) have corporate responsibility for protecting the confidentiality of Health and Social Care service-user information and enabling appropriate information sharing.
• The Information Governance Team operates as an independent function to provide advice, guidance and oversight in key areas.
• Information Governance and Cyber Security receives oversight from the Audit and Standards Committee.
• A Joint Orbis Data Protection Officer (DPO) has been in post as of May 2018. This role assists in the monitoring of internal compliance, provides advice on data protection obligations and Data Protection Impact Assessments (DPIAs).

• Reviewed by A&S Committee in July 2019, January 2021.

Third Line of Defence: Independent Assurance
1. Internal and external IT audits provide an objective evaluation of the design and effectiveness of IT&D's internal controls. An annual Internal Audit schedule is agreed with internal audit; some audits focus specifically on Information Governance (IG) areas, but all will cover some aspect of IG. The outcome of all audits is reported to the Audit and Standards Committee quarterly.
* 2021/22: Email Communication - personal and sensitive encryption (Reasonable Assurance), DWP/Searchlight System Security Compliance (Reasonable Assurance)
* 2020/21: Cyber Security (Reasonable Assurance), IT Asset Management during Covid 19 (Reasonable Assurance), GDPR (Reasonable Assurance), IT Access Management (Partial Assurance), Housing Management System Implementation (Partial Assurance)
* 2019/20: ICT Compliance Framework (Reasonable Assurance), Network Security (Partial Assurance), Mobile Device Management (Reasonable Assurance), Purchasing Card System (Reasonable Assurance), Main Accounting System (Substantial Assurance)
2. IT Health Check (ITHC) performed by a ‘CHECK’/‘CREST’ approved external service provider – covering both applications and infrastructure assurance. The ITHC approach has been updated to include one standard annual check and one targeted solution specific check (e.g. the mobile service).
3. Continued assurance from compliance regimes, including Public Sector Network (PSN) CoCo (Code of Connection); NHS Digital Data Security and Protection (DSP) Toolkit; and Payment Card Industry Data Security Standard (PCI DSS).

Reason for Uncertain status for effectiveness of controls: Cyber threats are evolving to become more sophisticated and our growing dependence on technology means that the impact of a successful attack has greatly increased. Proportionate technical and behavioural mitigation of this risk may not prevent a highly sophisticated, persistent attack.

While we recognise the need for transparency and accountability, for the purpose of this report, information which may compromise security or in some way increase the organisation’s vulnerability to cyber-attack may have been withheld.

 

Risk Action

Responsible Officer

Progress %

Due Date

Start Date

End Date

 

Prevention - Technical Controls: Compile a ‘Systems League Table’ to measure the relative ‘risk’ of the top 25 systems in use at BHCC to act as a comparison of maturity and a signpost for future work

Head of Strategy & Engagement

25

31/03/22

01/04/20

31/03/22

 

 

Comments: December '21 update: This work is deemed low priority and has been deferred due to resource issues in the Info Sec team

 

 

Prevention - Technical Controls: Deploy MetaCompliance’s (supplier) MetaPlatform (application) to support an improved approach to information asset management in the business

Head of Strategy & Engagement

75

28/02/22

01/07/20

28/02/22

 

 

Comments: December '21 update: Deployment has been delayed to align with Orbis partners, but the build of the Data Privacy Impact Assessment (DPIA) process has now been completed in the ESCC tenancy. Transfer of the build to the BHCC tenancy will commence shortly with testing planned for early 2022.

 

Prevention - Technical Controls: Deployment of SharePoint online and OneDrive (and decommissioning of P: and S: drives). This project will aim to rationalise unstructured data in all services (identify duplicates and inform management decisions around retention, destruction and data quality improvement).

Head of Strategy & Engagement

20

01/04/23

01/04/21

01/04/23

 

 

Comments: December '21 update: Over 60 training sessions have now been completed with FCL staff. Roll-out for ELT, Councillors & DMTs is now underway. Work is on track but this is a long term programme.

 

Prevention - Technical Controls: Improve Information Risk Management function. This will include a risk register visible to IGB, SIRO & DPO and clear processes and guidance.

Head of Strategy & Engagement

100

31/08/21

01/04/20

31/08/21

 

 

Comments: December '21 update: A major risk register is now in place. Further review and future developments will be picked up in the New Year

 

Prevention - Technical Controls: Lead a cross-dept. collaboration to develop a surveillance camera toolkit to support compliant acquisition, monitoring and evolution of surveillance cameras across the local authority

Head of Strategy & Engagement

20

31/08/21

01/10/20

31/08/21

 

 

Comments: December '21 update: The cross-directorate collaboration was put on hold during covid due to the unavailability of the SRO (Nick Hibberd) and the Programme Manager (Ben Miles).  It is now proposed to run this programme from the central team.  An asset register template has been produced and will shortly be populated by City Environment as a test case.  It is also proposed to get involved in the reconfiguration of the traffic control centre and use this as a means to develop surveillance camera commissioner compliant tooling.

 

Prevention - Technical Controls: Migrate all instances of SQL 2012 databases (End of Life, July 2022) and Windows Server 2012 (End of Life, Oct 2023)

Head of Strategy & Engagement

0

29/09/23

01/04/21

29/09/23

 

 

Comments: December '21 update: Any SQL2012 databases (EOL July 2022) are on track to be decommissioned by March '22. Any Windows Server 2012 (EOL Oct 2023) will start to be removed from April '22.

 

Prevention - Technical Controls: Review and improve the cyber incident management process, including better use of Cherwell (IT&D's incident management system which appears to staff as ‘My servicehub online’).

Head of Strategy & Engagement

80

28/02/22

01/04/20

28/02/22

 

 

Comments: December '21 update: Cyber Incident review with Zurich is in progress. Documentation and a desktop exercise with Chief Exec will be scheduled for completion by end of Feb 2022

 

Prevention - Technical Controls: Review and improve user access controls (network and application access rights for starters, leavers and movers) via the Access Management project

Responsible Officer: Head of Strategy & Engagement
Progress %: 40
Due Date: 01/04/22
Start Date: 02/04/18
End Date: 01/04/22

Comments: December '21 update: Following its pause during the pandemic, the restarted project has completed a discovery phase (including the review of all associated audit reports) and created a new high-level technical design (signed off by project board). The next phase will create a delivery plan.

 

 


 

 

 

 

 

Risk Code: SR18
Risk: The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology
Responsible Officer: Director of Human Resources & Organisational Development
Last Reviewed: 17/11/21
Issue Type: Threat
Risk Treatment: Treat
Current Rating: L4 x I4
Target Rating: L3 x I4
Eff. of Control: Revised: Adequate

Causes

The organisation is highly dependent on technology for the delivery of services. However, technology requires ongoing financial investment to keep pace with the expectations of staff and customers and avoid technology failures which lead to disruption to services.
 
Investment can be sub-divided into 5 key areas:

1. Investment in foundational technology: ensuring a reliable and secure infrastructure
2. Investment in ‘end user’ technology: providing appropriate devices, corporate systems, and office productivity tools
3. Investment in business applications: ensuring service owned systems are fit for purpose
4. Investment in digital transformation: enabling modernisation programmes to develop and utilise new digital approaches and technologies
5. Investment in leadership and staff: improving our leaders’ and staff’s tech competencies and ensuring the opportunities provided by technology are recognised and exploited

Link to Corporate Plan: Outcome: 'A well run city: Keeping the city safe, clean, moving and connected'

Potential Consequence(s)

1. Investment in foundational technology
BHCC will be more vulnerable to cyber-attack (SR10) as well as regular service outages caused by systems failure. This will result in failure to deliver services, a loss of revenue, an increased risk to residents and a negative impact on staff morale.

2. Investment in ‘end user’ technology
Lack of (or inadequate) end user technology will limit service ability to achieve relevant corporate plan objectives/make the required service improvements. It will also have a negative impact on staff morale and make it more challenging to attract and retain talent due to not meeting expectations of a modern working environment.

3. Investment in business applications 
Continuing to run business specific applications which are not fit for purpose will limit service ability to achieve relevant corporate plan objectives. They will also put the organisation at greater risk of cyber-attack (SR10) and raise risks associated with poor information management, accessibility, and interoperability with digital products.

4. Investment in digital transformation
Digital transformation underpins the organisation’s ability to deliver value for money services, provide excellent customer service and create organisational agility. Inadequate investment (and investment that is not balanced across the multiple facets of digital - cultural change, process improvement and digital technologies) will lead to a failure to meet these corporate objectives. It will also have a negative impact on staff morale and negatively impact the council’s and city’s reputation as a digital city.

5. Investment in leadership and staff
Managers and leaders require support to understand the implications of new technologies and how they can be utilised. Staff will need to be supported to become more digitally curious and engaged and have the confidence to adopt new ways of working. Without the investment to support these changes, the value of any investment in technology will be lost.

Existing Controls

First Line of Defence: Management Action
1. Investment in foundational technology
         a. Planned annual capital investment in foundational IT (a share of £1M split between foundational and end user technology) is managed through a structured capital investment programme Foundational IT (FIT), formerly ‘Digital Organisation Programme’ (DOP), with the appropriate programme structures and artifacts and oversight via the Corporate Modernisation Board (CMDB).
         b. Exceptional capital investment is approved at CMDB and managed alongside planned capital investment.
         c. Investment programmes to date have delivered multiple new capabilities including - off site, secure Data Centre storage (ODC); Platform migrations (Citrix and Windows10), a GDS (Government Digital Services) security accreditation mail service, ubiquitous wi-fi capabilities across all BHCC offices, and a remote working service (AOVPN) for the entire workforce.
2. Investment in ‘end user’ technology
         a. Planned annual capital investment in ‘end user’ technology (a share of £1M split between foundational and end user technology) is managed through a structured capital investment programme Foundational IT (FIT), formerly ‘Digital Organisation Programme’ (DOP), with the appropriate programme structures and artifacts and oversight via the Corporate Modernisation Board (CMDB).
         b. Exceptional capital investment is approved at CMDB and managed alongside planned capital investment.
         c. Investment programmes to date have delivered multiple new capabilities including – the creation of a new mobile service and the introduction of 1800+ iPhones/tablets and the introduction of 3,000 new laptop devices.
3. Investment in business applications
         a. With oversight from CMDB, investment in the Eclipse programme (£2.8M) to replace the core social work case management system.
         b. Investment in the replacement of the housing management system.
4. Investment in organisational transformation
         a. With oversight from CMDB, investment via the Digital Customer programme (£1.7M) has sponsored multiple digital transformation projects including corporate web migration, MyAccount, Customer Index/Viewer project and the Contact Management project.
         b. Ad hoc digital improvements were made as part of the Covid response including the Clinically Extremely Vulnerable (CEV) App, Community Hub app, Free school meals app, PPE form, Homeless food delivery, Discretionary grant application, Business grant application, etc.
5. Investment in leadership and staff
         a. Leadership Network is a forum for developing leaders

Second Line of Defence: Corporate Oversight
1. Corporate Modernisation Delivery Board (CMDB) oversees the alignment of programmes and projects to the Corporate Plan aims and reviews any gaps. This includes the oversight of the Foundational IT programme (FIT), Digital Customer programme and the Future Ways of Working programme.
2. Executive Leadership Team (ELT) have oversight of the biannual staff survey and specifically the relevant indicator ‘I have access to the equipment, systems & resources I need to do my job effectively’ (2021: 71%, 2019: 57%, 2017: 55%)
3. Tech & Digital Board in place to review progress, identify interventions where strategic changes on IT are required, and produce a re-focused strategy that aligns the needs of services

4. 31Ten are providing consultancy around digital strategy.
5. Silversands have provided assurance around Microsoft 365.

6. The Audit & Standards Committee reviewed this risk in January 2021 and July 2019.

Third Line of Defence: Independent Assurance
1. Internal Audit:
*   2021/22: MCM Housing Repairs Application (Reasonable Assurance)
*   2020/21: Care System Replacement Project – Eclipse (Reasonable Assurance), Housing Management System Implementation (Partial Assurance), Cloud Computing (Reasonable Assurance), IT Access Management (Partial Assurance)
*   2019/20: Mobile Device Management (Reasonable Assurance), Surveillance Cameras (Partial Assurance)
*   2018/19: Digital First (Minimal Assurance), Housing Management System Replacement (Reasonable Assurance), Care management system re-procurement (Reasonable Assurance)

 

Risk Action

Responsible Officer

Progress %

Due Date

Start Date

End Date

 

Investment in ‘end user’ technology - Foundational IT Programme: Deployment, adoption and training of new information management tools (Microsoft365) to replace personal/shared drives & The Wave

Responsible Officer: Head of Strategy & Engagement
Progress %: 30
Due Date: 31/03/23
Start Date: 01/04/20
End Date: 31/03/23

Comments: December '21 update: The planned rollout of Microsoft365 was adjusted in order to respond to the c-19 pandemic and the urgent need for remote working. As a result, deployment of MS Teams for communications and OneDrive was brought forward to mid-2020 (for all Windows10 users). Subsequently, a new information architecture to replace shared drives and personal drives has been developed and 'full' MS Teams is currently being deployed. SharePoint online will be deployed from early 2022. Enhancements to the offer (e.g. Teams Recording & MS Forms) will continue to be deployed intermittently. The use of SharePoint online to replace the current intranet (The Wave) has been signed off and a phase one 'content migration' project has been initiated.

 

Investment in ‘end user’ technology - Foundational IT Programme: Strategic Telephony Review

Responsible Officer: Head of Strategy & Engagement
Progress %: 10
Due Date: 31/03/23
Start Date: 01/04/20
End Date: 31/03/23

Comments: December '21 update: Currently in phase 1/4 - Migrating Centrex analogue phone system to 8x8 cloud telephony. The contract is due for signing before the end of the year.

 

Investment in business applications: Social Care and Housing service projects to replace core systems of record and establish improved data management practices

Responsible Officer: Head of Strategy & Engagement
Progress %: 100
Due Date: 31/08/21
Start Date: 20/04/17
End Date: 31/08/21

 

 

Comments: December '21 update: NPS Housing (now known as NEC Housing) went live on 19 July 2021.  All staff were trained in the new system.  We have recently undertaken a survey of staff to see how it is bedding in after 4 months of running and are looking at how improvements can be made to ensure the new system improves the service for staff and customers. Eclipse went live on 22 November 2021 and replaced CareFirst for social care. In both cases there will be substantial follow up activity as other modules/'add-ons' are brought online.

 

 

Investment in business applications: Strategic review of HR & Financial information systems

Responsible Officer: Chief Finance Officer
Progress %: 10
Due Date: 31/05/22
Start Date: 16/11/21
End Date: 31/05/22

 

 

Comments: Dec-21: SOTICIM have been appointed to carry out an options appraisal to establish the next steps for the corporate systems strategy. These options will lead to a decision about either upgrading or replacing the HR & Financial information systems to ensure the organisation has the systems required to enable us to deliver our plans. Core functionality, user friendly, maximise automation/integration, accessibility in line with statutory requirements, best value for money. Several workshops have taken place with key stakeholders.

 

 

Investment in digital transformation - Data Management/BI: Establishing a framework for Data Management via a Data Governance Framework Steering Group

Responsible Officer: Head of Strategy & Engagement
Progress %: 5
Due Date: 31/03/24
Start Date: 29/09/21
End Date: 31/03/24

Comments: December ’21 update: Scope, membership and ToR of the Governance group agreed at the first two meetings.

 

Investment in digital transformation - Digital Customer: Contact Management - Onboarding additional services. Building basic CRM capability.

Responsible Officer: Head of Strategy & Engagement
Progress %: 10
Due Date: 31/03/24
Start Date: 01/11/21
End Date: 31/03/24

 

 

Comments: December ’21 update: Contact the council has been migrated from Mendix and fully integrated with Contact Manager. BusOps, City Parks, Councillor enquiries and Travel & Transport have been onboarded.

 

Investment in digital transformation - Digital Customer: Website and MyAccount
Implement a series of improvements to the MyAccount customer experience, including mobile experience. Rationalise online forms to align with ‘Customer Hubs’ and improve targeted contact.  Implement website content strategy leading to improved customer experience, findability and MyAccount integration.

Responsible Officer: Head of Strategy & Engagement
Progress %: 10
Due Date: 31/03/24
Start Date: 01/11/21
End Date: 31/03/24

Comments: December '21 update: Future planning for Website and MyAccount has been agreed and a Digital Support Technician has been recruited.

 

 

Investment in foundational technology: Foundational IT Programme: a series of ongoing improvements to the speed and reliability of the underlying corporate infrastructure.

Responsible Officer: Head of Strategy & Engagement
Progress %: 30
Due Date: 31/03/23
Start Date: 01/04/20
End Date: 31/03/23

Comments: December '21 update: Remote connectivity using 'Always On VPN' has now been stabilised. Additionally, a project has been initiated to refresh the end-of-life LAN network infrastructure to enable Portslade Hub, and single sign-on network password reset has been enabled for all users.

 

Investment in leadership and staff: Establish a digital skills framework for BHCC and ensure the appropriate learning & development solutions are made available and communicated to all staff

Responsible Officer: HR Business Partner
Progress %: 5
Due Date: 31/03/23
Start Date: 17/11/21
End Date: 31/03/23

 

Comments: This is currently being scoped and we are utilising the Government Digital Skills Framework. We are identifying service champions to support this work.

 

 


 

 

Risk Code: SR32
Risk: Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage
Responsible Officer: Director of Human Resources & Organisational Development
Last Reviewed: 17/11/21
Issue Type: Threat
Risk Treatment: Treat
Current Rating: L4 x I4
Target Rating: L3 x I4
Eff. of Control: Revised: Adequate

Causes

Link to Corporate Plan 2020-23: Attributes 7. How will the plan be delivered. Actions to achieve A well run council.
To ensure that the council meets the requirements of law and controls the likelihood and impact of risks which have potential to cause harm to residents, visitors and stakeholders there must be robust oversight of arrangements in delivering services and procuring goods to meet health and safety (H&S) legislation and other regulatory requirements. This includes responding to the global COVID-19 pandemic to ensure the safety and health of our staff and residents of the City. This is challenged by reducing resources, increasing demands and changes to our operating environment, and increased focus by regulators.

Potential Consequence(s)

* Actual and potential harm
* Ability to respond to COVID-19 involves new skills and increased pace of response
* Custodial sentences for duty holders
* Fines and litigation
* Resources not well directed with implications for efficiency
* Decisions made are challenged
* Increased costs of rectifying mistakes
* Financial stability of organisation compromised
* Reputational damage.

Existing Controls

First Line of Defence: Management Controls

1. Health & Safety (H&S) policy which sets out roles, responsibilities and arrangements

2. Access to competent advice (Health & Safety team) including technical fire safety and lead investigation of all health & safety incidents

3. Safety management framework - Team Safety. Link to HR processes e.g. working time directive returns which triggers risk assessment for the individual

4. Deployment of H&S expertise to support high priorities identified e.g. COVID-19 response; staff support to Housing and City Environment Management (CEM)

5. H&S Training core programme (online learning and face to face where essential)

6. Fire Risk Assessments (FRAs) in place on council buildings with a programme of review which is monitored by Head of Health and Safety and AD Property and Design

7. Wellbeing Steering Group coordinated by Health & Safety with membership including workforce reps identifies targeted support for staff through feedback and links to local and national campaigns

8. Housing Fire Health and Safety Board (Council, ESFRS) continue to oversee co-ordination of resources and manage actions through to completion. Ongoing monitoring of outcome of Grenfell Public Inquiry and any potential implications for the council relating to housing. The enforcing authority are supportive of the council's approach and have developed joint partnership working to assess and manage fire risk.

9. The Assurance Group has been re-established and has oversight of the Health & Safety Strategic Action Plan.  The response to Covid continues to impact on officers’ capacity across the council and is delaying the progression of some of the activities outlined in the plan.

10. H&S Membership at Safety Advisory Group/Major Incident Support Team (MIST)

 

Second Line of Defence - Corporate Oversight

1. COVID-19 Regular meetings: COVID-19 Recovery Working Groups covering specific aspects (e.g. PPE and Ways of Working); and Directorate Consultative Meetings with Unions (separate School Union meeting) take place regularly.

2. The Corporate H&S Committee is being reformed as the Corporate (H&S) Consultative Forum with new dates being planned from November 2021.

3. Corporate H&S Team assess assurance levels for general H&S based on H&S Checklists linked to Team Safety plans. Assurance work ongoing in relation to quality checking school and council services COVID-19 risk assessments and arrangements.

4. H&S audit programme has been paused because of COVID-19 and will be re-assessed as part of the wider COVID-19 Secure assurance work and review of the H&S Strategic Action Plan. The new audit plan is underway, with the first stage being corporate risk profiling. This is underway across all directorates and the findings will be used to inform prioritised and targeted audits.

5. Housing, Fire, Health & Safety Board meets regularly and includes representation from East Sussex Fire & Rescue Service, the council's Health & Safety, Communications and Building Control Teams and housing managers.

6. The Economy, Environment and Culture health & safety board oversees co-ordination of resources to manage risk and emerging safety issues

7. Community initiatives partnership, governance and escalation through Members existing governance structures

8. Ongoing assurance will be managed through the health and safety strategic action plan, in particular the corporate risk profiling is a key activity.  Information obtained from the corporate risk profiling will be available for external parties undertaking inspections and quality assurance.

9. Reviewed at Audit & Standards Committee in January 2021 and September 2019.

 

Third Line of Defence: Independent Assurance

1. Post Grenfell tragedy (June 2017) information required by Ministry of Housing Communities and Local Government (MHCLG) in relation to council owned blocks was provided. The Council provide data to MHCLG on private sector blocks visual inspections.

2. East Sussex Fire & Rescue Service (ESFRS) Regulatory Reform (Fire Safety) Order - ESFRS undertake citywide audits according to a prioritised programme which includes a range of council buildings. No inspections of council buildings have led to the need for enforcement action.  All Council high rise buildings have been visited by ESFRS.

3. A Notice of Contravention issued by the HSE in response to their investigation into the fatality in a school Feb 2019 outlined necessary action. The council have responded to the NOC and no further comment has been provided by the HSE.

4. HSE Control of Vibration unannounced inspection in City Parks in October 2017, linked to national focus on work related health. Areas for improvement were identified, which has led to development of an action plan with assigned leads and timescales for action. HSE responded to RIDDOR reports specifically on vibration in March 2018, visiting City Parks and City Clean. A request for an update on progress was responded to in October 2020.

5. After Inquest re. fatality of a council employee in 2018 the BHCC Coroner issued a Regulation 28: Report to Prevent Future Deaths in March 2019. Head of Health & Safety and Senior Lawyer prepared a letter in response to outline the activity of the council to address the issues raised within the Regulation 28 Report, and our plans to address the long-term corporate issues. This is managed through the Health & Safety Strategic Action Plan.

6. Royal Society for the Prevention of Accidents (RoSPA) undertook an independent audit of BHCC’s health and safety framework and arrangements between 1-3rd and 10th December 2020. Final report issued from RoSPA February 2021. Key elements from the RoSPA report have been included in the strategic action plan.

7. Ofsted and CQC undertake statutory audits of schools, educational settings and care homes and care services.

 

 

 

Risk Action

Responsible Officer

Progress %

Due Date

Start Date

End Date

 

Develop Wellbeing Strategy informed by the bi-annual 'Well Workforce Survey'.

Responsible Officer: Interim Head of Health and Safety
Progress %: 75
Due Date: 31/03/22
Start Date: 01/04/19
End Date: 31/03/22

 

 

Comments: Jan-22:  The Wellbeing Strategy is under review to ensure planned activities remain relevant and link to local and national priorities and campaigns.  This includes ensuring appropriate resource is identified and in place to deliver this important work.  The wellbeing action plan will continue to be overseen by the Our People Promise Board.  Themes arising from the all Staff Survey will continue to feed into the action plan.

 

Housing Fire Safety Board plan and monitor the ongoing programme of sprinkler installations in the council's housing stock as approved by Housing Committee

Responsible Officer: Assistant Director Housing
Progress %: 50
Due Date: 31/03/22
Start Date: 01/04/16
End Date: 31/03/22

Comments: Nov-21: Work with ESFRS on the Building Risk Review program, to promote engagement and data sharing around higher risk residential buildings with a view to agreeing a single point of contact. Continue joint monitoring of statutory fire risk assessment and other duties and a risk based approach to investment and response to issues arising, including fire doors in council blocks. Ensure emerging Fire Health & Safety Standards from central government post Grenfell are reviewed and implemented as required. In particular, concerning issues with fire doors. Continue to update Housing Cttee. Commission consultancy resource to review building safety guidance post Hackitt Review and following publication of the Building Safety Bill. Commence Planned works programme to replace doors. Continued engagement with ESFRS, including through Housing Fire Health & Safety Board.

 

 

Re-assess Team requirements to deliver an effective H&S service to manage this risk (both core and COVID-19 risks)

Responsible Officer: Interim Head of Health and Safety
Progress %: 75
Due Date: 31/03/22
Start Date: 01/09/20
End Date: 31/03/22

Comments: Nov-21: Supporting the Covid response has moved towards the Future Ways of Working programme. Resourcing and capacity in the Health & Safety team are reduced with continuing interim arrangements in place. There are on-going challenges in recruiting candidates to vacancies in the team. The H&S Assurance group has approved the Directorate risk profiling approach. The data is now being gathered and service priorities and adjustments to service provision will be realigned as appropriate.

 

 


APPENDIX 2: A guide on the risk management process

including the questions Members might want to ask of Risk Owners in relation to Strategic Risks

 

1.         Risks are prioritised by assigning risk scores 1-5 to the likelihood (denoted by ‘L’) of the risk occurring, and the potential impact (denoted by ‘I’) if it should occur. These L and I scores are multiplied; the higher the result of L x I, the greater the risk.

e.g. L4xI4 which denotes a Likelihood score of 4 (Likely) x Impact score of 4 (Major), which gives a total risk score of 16.

 

 

2.         A colour coded system, similar to the traffic light system, is used to distinguish risks that require intervention. Red risks are the highest (15-25), Amber risks are significant (8-14), Yellow risks are moderate (4-7), and then Green risks are lowest (1-3).

 

3.         The Strategic Risk Register (SRR) mostly includes Red and Amber risks. Each strategic risk has a unique identifying number and is prefixed by ‘SR’ representing that it is a strategic risk.

 

4.         Each risk is scored twice with an Initial ‘Current’ level of risk and a Revised ‘Target’ risk score:  

 

a)    The Initial ‘Current’ Risk Score reflects the Existing Controls already in place under the ‘Three Lines of Defence’ methodology. This represents good practice as it identifies the First Line – Management Controls; Second Line – Corporate Oversight; and Third Line – Independent Assurance and the currency and value of each control in managing the risk. Therefore the Initial Risk Score represents the ‘as is’/ ‘now’ position for the risk, taking account of existing controls.

 

b)    The Revised ‘Target’ Risk Score focuses on the application of time and/or expenditure to further reduce the likelihood or impact of each risk. It assumes that any future Risk Actions, as detailed in risk registers, will have been delivered to timescale and will have the desired impact.

 

c)    The Risk Owners are asked to consider the 4Ts of Risk Treatments – Treat, Tolerate, Terminate, Transfer. Risk actions should reduce the likelihood and/or impact – if neither are true, there will not be any reason to undertake the action.

 


 

Suggested questions for Members to ask Risk Owners and officers on Strategic Risks

 

The Audit & Standards Committee has a role to monitor and form an opinion on the effectiveness of risk management and internal control. As part of discharging this role, the Committee focuses on specific Strategic Risks at each of their meetings.

 

The Committee invite the Risk Owners of Strategic Risks to attend Committee and answer their questions based on detailed risk information appended to each Report. In the Risk report, for each risk, the Risk Owner:

1.    Describes the risk, the causes and potential consequences and provides an Initial ‘Current’ Risk Score which takes account of the existing controls in place to mitigate the risk.

 

2.    Existing Controls are set out using the Three Lines of Defence model:

* 1st line: management controls
* 2nd line: corporate oversight
* 3rd line: independent assurance

 

This is provided in order that Members can identify where the assurance comes from and how frequently it is reviewed and, in the case of the 3rd line, whether audits or inspections have happened and, if so, when they happened and what the results were. Risk Owners ensure that existing controls continue to operate effectively.

Effectiveness of controls should be reviewed based on the certainty of how the existing controls will mitigate the risk: adequate, uncertain, inadequate.

 

3.    (Future) Risk Actions then are detailed and allocated to individuals with progress percentages achieved against target dates, with commentary on the current position. This provides the Revised ‘Target’ Risk Score which assumes that all the risk actions have been successfully delivered.

 

The Risk Owners of Strategic Risks will always be an Executive Leadership Team (ELT) officer. They may bring with them to Committee other officers who are more closely connected to the mitigating work.

 

Three areas of enquiry are suggested to be explored by the A&S Committee:

 

1.    Is the Risk Description appropriately defined? Does the Committee understand the cause and potential consequences? Does the Committee feel reassured by existing controls?

 

2.    Is the Committee reassured that each (future) Risk Action either reduces the impact or the likelihood of the risk? Are members reassured that risk actions are actually being delivered?

 

3.    In respect of the Initial ‘Current’ and Revised ‘Target’ Risk Scores, does the Committee feel comfortable with the Risk Owner’s assessment? The Revised ‘Target’ Risk Score represents the risk level that the organisation is prepared to accept.

How Members and officers can input on Strategic Risks (SRs)

 

The risk management process benefits from input by Council Members and by officers at all levels. The opportunities to do this are:

 

Members to ELT leads:

* Any Member can approach an ELT lead with risks that they foresee.
* Any risk suggestion from Members will be reviewed by ELT and any actions taken will be reported back to the relevant Member(s).
* Each SR is discussed between Members and ELT leads at the regular meetings with Committee Chairs.

 

Officers to Line Manager, Directorate Management Team (DMT) or corporate risk management lead:

* All officers are expected to escalate risks and/or suggest mitigations to their line managers, in line with the Behaviour Framework. If officers feel they do not have appropriate access to their line managers, they may escalate the risk to the corporate programme manager responsible for risk management to seek advice.
* Risks may get discussed as part of staff meetings, PDPs/121s/team and service meetings or part of projects or programmes. Any significant risks are to be escalated through to their Head of Service/Assistant Director to raise through the management chain and discuss at quarterly DMT risk reviews.
* The ELT lead within a directorate will discuss escalated risks with the DMT and will seek assistance as required. They have access to ELT and determine the way forward in consultation with the corporate programme manager responsible for risk management.

 

DMT to ELT:

* The quarterly SR review at ELT includes a summary of Directorate Risks reviewed at DMTs.
* The ELT lead within a directorate will discuss escalated risks with the ELT and determine the way forward i.e. whether to amend the Strategic Risk Register.