Subject: Strategic Risk Focus Report: SR30, SR25, SR10, SR18 and SR32
Date of Meeting: 25th January 2022
Report of: Executive Director, Governance, People and Resources
Contact Officer: Kat Brett
Tel: 01273 293846
Email: Kat.Brett@brighton-hove.gov.uk
Ward(s) affected: All
FOR GENERAL RELEASE
1. PURPOSE OF REPORT AND POLICY CONTEXT
1.1 To report to the Audit & Standards Committee on the latest quarterly update to the city council’s Strategic Risk Register (SRR).
1.2 The Committee have agreed to focus on specific strategic risks (SRs) at each of their meetings. For this meeting there are five SRs to receive focus and, to enable Members’ questions to be asked, Risk Owners will attend as detailed below:
The Chief Executive Officer (CEO) in respect of:
SR30 Not fulfilling the expectations of residents, businesses, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment.
SR25 Insufficient organisational capacity or resources to deliver all services as before and respond to changing needs and changing circumstances.
SR10 Corporate information assets are inadequately controlled and vulnerable to cyber-attack.
The Director of Human Resources & Organisational Development (DHROD) in respect of:
SR18 The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology.
SR32 Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage.
2. RECOMMENDATIONS:
That the Audit & Standards Committee:
2.1 Note the SRR detailed within Table 1 of this report.
2.2 Note Appendix 1, the CAMMS Risk report, with details of the five SRs and actions taken (‘Existing Controls’) and actions planned.
2.3 Note Appendix 2 which provides:
i. a guide on the risk management process;
ii. guidance on how Members might want to ask questions of Risk Owners, or officers connected to the strategic risks; and
iii. details of opportunities for Members, or officers, to input on Strategic Risks at various points and levels.
2.4 Make recommendations for further action(s) to the relevant council body.
3. CONTEXT/ BACKGROUND INFORMATION
3.1 The city council’s SRs are reviewed quarterly by the Executive Leadership Team (ELT) taking on board comments from quarterly risk reviews carried out at Directorate Management Teams. This process ensures the currency of the city council’s SRR.
3.2 The Audit & Standards Committee has a role to monitor and form an opinion on the effectiveness of risk management and internal control.
3.3 The initial risk score takes account of the existing controls in place to mitigate the risk (current score). The revised risk score assumes that all risk actions are successfully delivered (target score). The ‘likelihood’ (L) score ranges from Almost Impossible (1) to Almost Certain (5) and the ‘impact’ (I) score ranges from Insignificant (1) to Catastrophic (5). These scores are multiplied to give the risk score.
3.4 At ELT’s review of the SRR on 17th November 2021, the following amendments to the SRR were agreed:
Amendments to risk scores:
i) SR10 Corporate information assets are inadequately controlled and vulnerable to cyber-attack.
Agreed: Change revised/target risk score from L4 ‘Likely’ x I3 ‘Moderate’ to L3 ‘Possible’ x I4 ‘Major’. The target risk score remains at a total of 12 ‘Significant’.
Reason: The mitigating actions aim to reduce the likelihood of a cyber-attack, whereas the impact would still be ‘Major’, so the target risk score has been amended to reflect this, although it remains at a total of 12.
ii) SR21 Unable to manage housing pressures and deliver new housing supply.
Agreed: Change revised/target risk score from L3 ‘Possible’ x I3 ‘Moderate’ to L4 ‘Likely’ x I3 ‘Moderate’. The target risk score remains ‘Significant’ but increases from 9 to 12.
Reason: The target risk score should be increased as, although the Housing Work Plan will increase homes in the city, it is unlikely to meet the entire need.
iii) SR36 Not taking all actions required to address climate and ecological change and transitioning our city to carbon neutral by 2030.
Agreed: Change current risk score from L5 ‘Certain’ x I4 ‘Major’ to L4 ‘Likely’ x I5 ‘Catastrophic’. The current risk score remains at a total of 20 ‘High’.
Reason: The effectiveness of existing controls is uncertain, so the likelihood is ‘Likely’ and the impact would be ‘Catastrophic’. Mitigating actions should reduce the impact, although this also carries a degree of uncertainty.
Amendments to risk titles:
iv) SR18 The organisation is unable to deliver its functions in a modern, efficient way due to the lack of appropriate technology.
Agreed: Reword risk title to “The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology.”
Reason: There has been significant investment in technology since this risk was initially considered and now there needs to be a focus on continued investment for maintenance, resilience and modernisation and ensuring digital competency to maximise the benefits of technology.
v) SR29 Ineffective contract performance management leads to sub-optimal service outcomes, financial irregularity and losses, and reputational damage.
Agreed: Reword risk title to “Procurement non-compliance and ineffective contract performance management leads to sub-optimal service outcomes, financial irregularity and losses, and reputational damage.”
Reason: This risk needs to focus on procurement compliance to contract standing orders as well as contract performance management.
vi) SR32 Challenges to ensure health & safety measures lead to personal injury, prosecution, financial losses and reputational damage.
Agreed: Reword risk title to “Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage.”
Reason: This is to emphasise the focus on robust & effective measures.
Add, merge and remove risks:
vii) SR13 Not keeping vulnerable adults safe from harm and abuse, SR20 Failure to achieve health and social care outcomes due to organisational and resource pressures on the Clinical Commissioning Group (CCG) and Brighton & Hove City Council (BHCC), SR33 Not providing adequate accommodation and support for people with significant and complex needs.
Agreed: Merge risks into SR13 and reword risk title “Not keeping adults safe from harm and abuse” and focus on key areas: Safeguarding arrangements across council, high quality social care practice, provider failure, accommodation for vulnerable homeless and rough sleepers, services for people with care needs.
Reason: There is an increase in risk in provider failure and there have been changes to the integration with health system partners with the Integrated Care Partnership. This refocus of the risk captures the key areas that are vital to mitigating the risk.
viii) SR23 Unable to develop and deliver an effective regeneration and investment strategy for the seafront and ensure effective maintenance of the seafront infrastructure.
Agreed: Remove risk and de-escalate from strategic level to be managed and monitored through the EEC directorate plan.
Reason: The current risk is a combination of two separate risks: “Unable to develop and deliver an effective regeneration and investment strategy for the seafront” and “Unable to ensure effective maintenance of the seafront”. Both can be managed at a directorate level.
ix) No new risks were proposed or agreed.
There are now 13 Strategic Risks. The risk heat maps and Table 1, below, show the current 13 Strategic Risks in the highest Revised Risk order which takes account of future actions to reduce or mitigate the risks.
Table 1
| Risk No. | Risk Title | Initial Risk Score Likelihood (L) x Impact (I) & Direction of Travel (DOT) | Revised Risk Score Likelihood (L) x Impact (I) & Direction of Travel (DOT) | Committee(s) | Risk Owner |
| SR2 | The Council is not financially sustainable | 5 x 4 ◄► RED | 4 x 4 ◄► RED | Policy & Resources Committee | Chief Finance Officer |
| SR36 | Not taking all actions required to address climate and ecological change and transitioning our city to carbon neutral by 2030 | 4 x 5 ▼▲ RED | 4 x 4 ◄► RED | Environment, Transport & Sustainability Committee | Executive Director, Economy, Environment & Culture |
| SR37 | Not effectively responding to and recovering from COVID-19 in Brighton and Hove including building resilience for future pandemics | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Health & Wellbeing Board and Policy & Resources (Recovery) Sub-Committee | Executive Director, Health & Adult Social Care |
| SR32 | Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Policy & Resources Committee | Director Human Resources & Organisational Development |
| SR18 | The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Policy & Resources Committee | Director Human Resources & Organisational Development |
| SR25 | Insufficient organisational capacity or resources to deliver all services as before and respond to changing needs and changing circumstances | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Policy & Resources Committee | Chief Executive |
| SR13 | Not keeping adults safe from harm and abuse | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Health & Wellbeing Board | Executive Director, Health & Adult Social Care |
| SR15 | Not keeping children safe from harm and abuse | 4 x 4 ◄► RED | 3 x 4 ◄► AMBER | Children, Young People & Skills Committee | Executive Director Families, Children & Learning |
| SR10 | Corporate information assets are inadequately controlled and vulnerable to cyber attack | 4 x 4 ◄► RED | 3 x 4 ▼▲ AMBER | Policy & Resources Committee | Chief Executive |
| SR21 | Unable to manage housing pressures and deliver new housing supply | 4 x 4 ◄► RED | 4 x 3 ▲► AMBER | Housing Committee | Executive Director, Housing, Neighbourhoods & Communities |
| SR24 | In the context of Covid-19 the needs and demands for services arising from the changing and evolving landscape of welfare reform is not effectively supported by the council | 4 x 3 ◄► AMBER | 3 x 3 ◄► AMBER | Policy & Resources Committee | Chief Finance Officer |
| SR29 | Procurement non-compliance and ineffective contract performance management leads to sub-optimal service outcomes, financial irregularity and losses, and reputational damage | 3 x 4 ◄► AMBER | 3 x 3 ◄► AMBER | Policy & Resources Committee | Chief Finance Officer |
| SR30 | Not fulfilling the expectations of residents, businesses, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment | 3 x 4 ◄► AMBER | 2 x 4 ◄► AMBER | Policy & Resources Committee | Chief Executive |
4. ANALYSIS & CONSIDERATION OF ANY ALTERNATIVE OPTIONS
4.1 Through consultation with ELT the Risk Management process currently in operation was deemed to be the most suitable model.
5. COMMUNITY ENGAGEMENT & CONSULTATION
5.1 This is an internal risk reporting process and as such no engagement or consultation has been undertaken in this regard.
6. CONCLUSION
6.1 The council must ensure that it manages its risks, meets its responsibilities and delivers its Corporate Plan; risk management is evidence of good governance.
7. FINANCIAL & OTHER IMPLICATIONS:
Financial Implications:
7.1 For each Strategic Risk there is detail of the actions already in place (‘Existing Controls’) or work to be done as part of business or project plans (‘Risk Actions’) to address the strategic risk. Potentially these may have significant financial implications for the authority either directly or indirectly. The associated financial risks are considered during the Targeted Budget Management process and the development of the Medium Term Financial Strategy.
Finance Officer Consulted: James Hengeveld
Date: 23/12/2021
Legal Implications:
7.2 All the Strategic Risks which are reported to the Audit & Standards Committee may potentially have legal implications. Members are referred to Appendix 1 of this Report for a detailed description of the Strategic Risks being focused on in this Committee cycle: a description which normally makes reference to any legal implications of a direct nature.
7.3 The Council has delegated to its Audit & Standards Committee its powers and duties in relation to risk management. As a result this Committee is the correct body for considering this Report.
Lawyer Consulted: Victoria Simpson
Date: 09/12/2021
Equalities Implications:
7.4 Risk Owners are requested to ensure that equalities implications are considered in describing strategic risks, their potential consequences and when developing mitigating actions and the Equalities Team are asked to review the strategic risks. This will continue to be part of regular ELT & DMT risk review sessions.
7.5 SR25 has a key focus on equalities through the Our People Promise strategy, specifically through the Fair and Inclusive Action Plan and the Corporate and Directorate Equalities Delivery Groups.
Sustainability Implications:
7.6 Risk owners are requested to consider sustainability implications, and this will continue to be part of regular ELT & DMT risk review sessions. SR36 has a key focus on sustainability through the Carbon Neutral modernisation Programme and any sustainability implications of a direct nature are normally referenced within the risk.
Any Other Significant Implications:
7.7 None
SUPPORTING DOCUMENTATION
Appendices:
1. Appendix 1: CAMMS Risk report SR30, SR25, SR10, SR18 and SR32.
2. Appendix 2: A guide on the risk management process and how Members might want to ask questions of Risk Owners in relation to Strategic Risks.
Background Documents
1. None.
APPENDIX 1: CAMMS Risk Report for SR30, SR25, SR10, SR18 and SR32
| Risk Code | Risk | Responsible Officer | Last Reviewed | Issue Type | Risk Treatment | Current Rating | Target Rating | Eff. of Control |
| SR30 | Not fulfilling the expectations of residents, businesses, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment | Chief Executive | 17/11/21 | Threat | Treat | | | Revised: Adequate |
|
Causes
|
Link to Corporate Plan 2020-23. 7 Council Attributes ‘Working in Partnership’, actions 7.7
Fulfilling the expectations of business, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment. Whilst the council has already established effective partnership arrangements to benefit the city such as Brighton & Hove Connected (http://www.bhconnected.org.uk/), the City Management Board (CMB) (find out more via http://www.bhconnected.org.uk/content/city-management-board), the Greater Brighton Economic Board (GBEB) (find out more via https://greaterbrighton.com/about-us/introducing-the-economic-board/) and wider city regional based leadership, if it does not 'step up to the mark' and embrace its role for Place Based Leadership the council may be perceived as less relevant to business and wider community and others due to factors such as:
1. Brexit's implications & opportunities for the city's economy resulting from the UK exiting the EU given the current trade profile where 45% of Brighton & Hove's trade is with the EU and 79% of this service is service exports. Brighton & Hove is the 9th largest city in the UK for the value of service exports per job (source: Centre for Cities, How do cities trade with the World? April 2019)
2. Other economic uncertainties include the changing shape of retail and the high cost of housing affecting recruitment and retention of workforce across all economic sectors
3. Reduced council expenditure and changes to the traditional municipal model
|
Potential
Consequence(s)
|
* Our civic
institutions are unable to provide effective leadership to the
city
* Adverse impact of economic uncertainty and social change on
wellbeing, community cohesion and opportunities for citizens so
that City Wealth reduces
* Business cannot grow
* Inequality grows
* Fragmentation of communities
* Fragmentation of framework for public service institutions
* Uncertainty over long term funding and rising health and social
care demands makes delivery of public services very
challenging
* Lost opportunity to position the city as a positive place to
attract businesses and employees who will benefit city growth
* Reputation of council suffers as civic leadership role in the
city
* Citizens and businesses have less confidence in engaging with the
council
|
Existing
Controls
|
First line of
defence: Management Controls
1. Partnership structures, including City Management Board, Greater
Brighton Economic Board, Thematic partnerships to further develop
shared community leadership of the city.
2. City Management Board are not decision making but they are
important influencers and it is an effective way of putting
strategic issues on the radar of public authorities.
3. Brighton & Hove Connected (link as above), a network of community & voluntary organisations and businesses in the city, works in an effective way to engage communities on issues of interest.
4. Corporate governance and processes to manage existing council
business, eg Performance Management Framework.
5. Fair and Inclusive Action Plan and Directorate equality
plans
Second Line of Defence: Corporate Oversight
1. Full Council
2. Policy & Resources (PR) Committee has oversight of key
budget and policy decisions and all reports have a financial, legal
and community impact assessments.
3. Health & Wellbeing Board have similar assurance functions as
the PR Committee.
4. Local Government
Association ad-hoc guidance and peer review
5. Corporate Modernisation Delivery Board and the Executive
Leadership Team (ELT) oversee the application of the Performance
Management Framework.
6. Policy Chairs Board oversight of issues of policy.
7. Corporate Equality Delivery Group
8. Tourism, Equality, Communities and Culture committee
9. Equality and Inclusion Partnership.
10. Sussex Resilience Forum
11. Community Safety Board
12. Safeguarding Adults Board and Safeguarding Children's
Board
13. Two Independent
Persons on the Audit & Standards Committee.
14. Audit & Standards Committee reviewed this risk in January
2020 and January 2021.
Third Line of Defence: Independent Assurance
1. HM Government
2. External Audit reviews of financial position of the city council
- June 2019.
3. Inspectorate reports e.g. Ofsted 2018 - Children's Services -
Good Judgement; and Ofsted focused visit in February 2020 looking
at services to children in need and child protection plans resulted
in positive comment.
4. LGA peer review
Equality Framework for Local Government.
5. Investigatory Powers Commissioner – reviewed the use of
investigatory powers (2018)
6. Internal Audit
* 2021/22: Major Capital Projects - Brighton
Centre/ Black Rock (Reasonable Assurance)
* 2019/20: Brighton Centre (Reasonable
Assurance)
* 2018/19: Royal Pavilion and Museums (Partial
Assurance), Seafront Investment Strategy (Reasonable
Assurance)
|
|
| Risk Action | Responsible Officer | Progress % | Due Date | Start Date | End Date |
| Communicate the council's activity to enable the city's strong prospects as a healthy place to live, work and do business, able to withstand challenges and grasp future opportunities | Head of Communications | 60 | 31/03/23 | 10/01/19 | 31/03/23 |
|
Comments:
A huge
amount of communications work continues to support the city to keep
Covid rates low; through amplification of NHS information and
messaging around vaccinations for both Covid and flu. Our targeted
social media campaign ‘Is it a cold or is it Covid’ has
had very high levels of engagement and we are looking to roll this
out across other communications channels over the winter. A new
campaign ‘Be Kind, Think of Others’ focusing on
continued mask wearing, hand washing, social distancing,
ventilation etc is in the early concept stages.
The administration has now agreed their communications priorities until April 2023, which are set out below:
Gold campaigns
• Climate change - seizing the momentum of COP26: and being
able to champion the Carbon Neutral Plan and achievements. Greening
projects ie rewilding – getting the city on board – a
campaign to encourage engagement in and about our
environment.
• Public Health – we need to amplify the focus on this
after Covid. Recovery - including jobs and economy – is
linked, and we need to be able to tell the city that we are keen to
focus on our health and wellbeing – as this will help us
manage any future pandemics or the ongoing fallout of this
one.
Silver
campaigns
• Recycling / refuse campaigns: fly tipping, fly posting,
environmental enforcement, clean ups, tidy ups, what you can and
can’t recycle – is an endless issue so needs a
continuous focus and proactive comms, not always reactive –
so good campaign material.
• Anti-racism and equalities work: our focus on delivering
positive change for vulnerable or excluded communities in the city:
highlighting this and spreading positive inclusion messages
whenever we can. We want to become a more inclusive and caring
city.
Bronze campaigns
• Housing: our achievements in council housing; less of a
campaign and more of an important focus to highlight our
work.
• Youth: opportunities and different ways to engage young
people. Digital is key.
• Overarching proactive messaging
Consultation and engagement & digital – driving through
work that strikes the tone of a caring, friendly city that wants to
understand resident concerns and work proactively to resolve them,
and that reaches people through different mediums and in the way
that is right for them / using the platforms they use.
The following key actions will underpin the communications campaigns over the next two years:
Gold
Climate change / A Sustainable City
• Supporting the city’s Climate Assembly action plan and
creating a £1m Carbon Reduction Reserve to provide for and
advance initiatives to support the aim of a carbon neutral city by
2030, improving the sustainability and biodiversity of the city as
well as the health and well-being of its residents through
promoting active travel, investing in green spaces and tree
planting, and improving air quality, for example, through the
School Streets and Low Traffic Neighbourhood
initiatives
• Creation of a Climate Assembly Action Capital Investment
Fund
• Expansion of the Sustainable Carbon Reduction Initiative
Fund (SCRIF) financing budget to lever in additional capital
investment for carbon reduction schemes
• Expansion of the warmer homes initiative (including district
heating plans) through provision of an additional financing budget
to lever in capital investment, increasing the total programme to
£5.2m
• Provision for a Hydrogen feasibility study
• Addition of a Rewilding Officer post to manage and enhance
biodiversity
• Feasibility study for a seafront sustainable transport
corridor
• Proactive measures are being taken to improve emissions of
buses and taxis. Officers have been asked to consider an expansion
of a low or zero emission zone that might limit some vehicle
types.
• We will be working with Greater Brighton and city partners
to develop a strong, prosperous, and sustainable economy; through
the Carbon Neutral 2030 Programme, the Circular Economy framework
and the Living Coast Biosphere through a growing Sustainability
Team.
• We will work in partnership with key stakeholders to develop
a new Local Transport Plan and a Local Cycling and Walking
Infrastructure Plan that supports sustainable travel, to contribute
towards the city becoming carbon neutral by 2030.
• We plan to develop a new City Downland Estate Plan to make
best use of our unique landscape and contribute to the carbon
neutral agenda creating emission reduction savings, promoting
different uses including local food production and exploring a
possible solar farm to create a self-sufficient renewable energy
supply.
Public Health and
Covid recovery / A Healthy and Caring City
• Further develop the Health & Wellbeing Board as an
integral part of the local health & care system, delivering the
goals of the city Joint Health & Wellbeing Strategy.
• Continue to protect our residents through our Covid-19 Local
Outbreak Plan response, including supporting care settings and
promoting Covid and Flu vaccination uptake (especially among our
most vulnerable residents)
• Actively work with local NHS organisations to support their
Restoration & Recovery plans to make sure they address the
needs of the most vulnerable people in the city
• Recognize and support unpaid carers in the city, including
developing more respite provision.
• A Modernisation Programme for Health and Adult Social Care
to deliver better lives and stronger communities.
• Implementation of the Joint Health and Wellbeing Strategy,
supporting an increase in healthy life expectancy and a reduction
of health inequalities.
• Promote a City Equalities Standard together with our
partners to promote fair employment practice to tackle the under
representation of people from BAME communities and disabled
people.
• We are working collaboratively with the DWP to launch a
youth hub in the city – specifically aimed at supporting
young people into employment. This group of our residents has been
particularly impacted by the pandemic and consequent loss of
work
• Our Employment and Skills team has been working on an
updated Employment and Skills Plan for the city – designed to
be effective and flexible as we enter a period of post-Covid
recovery.
• Community Wealth Building. Creation of a self-financing
‘revolving door fund’ for Community Wealth Building via
an on-lending pilot (set-up costs) / Investment in Community Wealth
Building to promote ethical employment practices and ensure the use
of the city’s public sector spending power to procure goods
and services locally for the benefit of our
communities.
Silver
Recycling / refuse campaigns / A sustainable city
• We will increase the range of materials that can be recycled
in the city, improve the quality of kerbside and extend on street
recycling.
• The City Environment Modernisation Programme is developing a
sustainable future for the service in the context of reducing
council budgets, increases in customer demand and an expanding
service offer. Activities within the Programme will have an impact
on the percentage of waste landfilled. Many projects within the
Modernisation Programme will have an impact on the percentage of
waste sent for reuse, recycling and composting
• The Managing Waste Responsibly Project is improving how the
council communicates with and educates the city on recycling.
Through collaboration with stakeholders, activities and resources
will be designed to improve the city’s recycling rates.
Residents will be encouraged to reduce, reuse or recycle before
disposing of waste.
• We plan to introduce new food waste collection rounds
• We will replace our communal bin system with a new system
that encourages more recycling and reduces the risk of
contamination
• We will work with community groups to develop options for a
new reuse centre in the city
• Information campaign on fly tipping, fly posting,
environmental enforcement, clean ups, tidy ups, what you can and
can’t recycle.
Anti-racism and equalities / A Stronger City
• We aim to achieve re-accreditation as a City of
Sanctuary
• We will create and deliver a new Inclusive Cities Action
Plan
• We will develop an Accessible City Strategy
• We will fund a Community Banking Partnership to tackle
financial exclusion
• We plan to secure funding to deliver a Black, Asian and
Minority Ethnic Civic Leadership Programme
• We will deliver the Council’s new tenant and leasehold
engagement strategy
• We will support the delivery of a new LGBTQ+ Community Hub
– the Ledward Centre
• We will invest in an independent support service for people
who have experienced racially and religiously motivated hate
crime
• We will implement third party reporting centres for hate
incidents and crimes, as an action set out in the Community Safety
Strategy
• We will work proactively, and in partnership, to meet our
duties under the new Domestic Abuse Act
Bronze
Housing / A City to Call Home
• Focus on improving homeless prevention and reconnection to
reduce overall numbers and the length of stay for households in
Temporary Accommodation (TA).
• An ‘end to end’ review of our temporary
accommodation (TA) services through a TA Improvement Programme. The
programme will include a review of income collection, voids
turnaround, procurement, management of lettings etc, as well as
work to increase the number of Council-owned TA units.
• We will review how the Council can better support rough
sleepers reflecting the aims of the Homelessness and Rough Sleeping
strategy, learning from the COVID-19 emergency housing programme
and consequent budget pressures.
• Investment in Housing needs services to improve homelessness
prevention, manage the TA service, identify move on accommodation
and speed up moves within the housing stock to improve the customer
journey and save money through more efficient use of the TA and
permanent housing stock.
Investment in housing systems and processes to streamline and
automate manual processes will also produce savings in future. Some
of the changes required will be identified through the TA
improvement programme.
Youth / A Growing
and Learning City
• Explore, with partners, investing in a Central Youth Hub
that will provide city wide services to young people.
• Agree an action plan with Youth Council members that will
improve visibility, ensure young people lead on prioritising,
planning, and implementing projects, as well as organising and
chairing meetings with support from Council Officers
• Agree a clear process for measuring success regarding sexual
health and mental health services delivered by youth services
across the city, as well as how accessible they are for those young
people with protected characteristics
• The youth employment hub and Employability Service will
continue to engage with council teams and organisations supporting
young people to ensure that they can access services and support
that enable them to achieve personal and career
outcomes.
|
|
| Continue effective collaboration with health & social care within the city | Executive Director Health and Adult Social Care | 70 | 31/03/22 | 14/02/17 | 31/03/22 |
|
Comments:
The
Integrated Care System for Sussex will become a statutory function
from April 2022 and Brighton and Hove City Council will be a formal
partner in its ongoing development and the delivery of health and
care services to our whole population. Within the new ICS there
will be a place based governance structure for Brighton and Hove
and the principle of subsidiarity will apply where design and
delivery of services will focus from neighbourhoods upwards
depending on the optimal model of care to meet patient/service user
outcomes. Further guidance is anticipated from national government
with a white paper imminent on integration which will be considered
with the white paper on Adult Social Care ‘People at the
Heart of Care’ which was published in early December
2021.
|
|
| Convening partners to have a joined up understanding of city wide problems and to agree joint approaches to solve them | Head of Policy, Partnerships & Scrutiny | 25 | 31/03/24 | 18/11/21 | 31/03/24 |
|
Comments:
Ensuring the
democratic mandate of BHCC is clear to partners across city is
vital to this risk to help ensure we have political / community
leadership demonstrated within our partnership structures. This
will be further developed in Q1 2022. Work with partners in areas
such as rough sleeping, infection control, and supporting
businesses to access government funding, has emerged due to
responding to and recovering from Covid-19.
|
|
Develop a strong
lobbying strategy to effectively influence government
|
Head of Policy,
Partnerships & Scrutiny
|
75
|
31/03/23
|
07/01/20
|
31/03/23
|
|
Comments:
Policy,
Partnerships and Scrutiny (PPS) coordinated the material and
presentation of the Brighton & Hove City Council submission to
Ministry of Housing, Communities & Local Government (MHCLG)
All-Party Parliamentary Group (APPG) enquiry into the local
authority role in achieving Net Zero. The report is now published
by the House of Commons.
|
|
Develop and
maintain the city's physical assets to meet future challenges,
including climate change
|
Executive Director
Economy, Environment & Culture
|
75
|
31/03/22
|
14/02/17
|
31/03/22
|
|
Comments:
Strategic Delivery
Board is overseeing the City's Investment Programme of regeneration
and infrastructure projects. Greater Brighton Economic
Board agreed Digital Infrastructure Plan - October 2019. Greater
Brighton Economic Board supporting Coast to Capital LEP with
development of their Local Industrial Strategy.
Greater Brighton Economic Board has established an Infrastructure
Panel that is overseeing the delivery of Energy and Water Plans for
Greater Brighton. Energy and Water Plans were approved July
2020. Greater Brighton Economic Board considering
an investment pipeline of infrastructure projects to support
economy recovery following Covid-19 public health
crisis.
- Cross party working groups for major regeneration projects have
recommenced from July 2020 following pause during Covid-19 public
health crisis
- New City Downland Estate Plan under development, by March
2022.
Steps have included:
- Continuing to progress investment programme and project pipeline
to deliver major regeneration projects and investment in
infrastructure
- Greater Brighton Economic Board agreed a Covid-19 Economic
Recovery Plan in October 2020
- Progress updates on Covid-19 Recovery Plan and presenting to the
Greater Brighton Economic Board (January 2021 and April
2021)
- Cultural economy recovery plan agreed November 2020
- Visitor economy recovery plan agreed by TECC committee - June
2021
- An update on the Greater Brighton economy and the impact of the
covid-19 pandemic was commissioned and presented to Greater
Brighton Economic Board – October 21
|
|
Development &
Delivery of an Inclusive Cities Action Plan
|
Head of
Communities, Equalities & Third Sector
|
75
|
31/03/23
|
12/02/20
|
31/03/23
|
|
Comments:
Previously there
was a Collaboration Framework. Focus has shifted to developing a
3-year Inclusive Cities Action Plan as part of the council’s
participation in the national Inclusive Cities Programme and as its
corporate commitment to being a City of Sanctuary and an
anti-racist council ensuring equality of opportunity and access to
services for all and the assets they are to the city. This
was agreed with members and partners in late 2019. Development of
the Inclusive Cities Action Plan was delayed in 2020 due to the
pandemic. The Programme coordinators - COMPAS – the
Centre on Migration Policy and Society within University of Oxford
called a meeting with BHCC in September 2020 to update on the
restart of the programme. The council’s Lead Member for
Equality and lead officer working on Inclusive cities continues to
attend the virtual Inclusive Cities programme meetings - November
2020, January 2021, May 2021 and as required by the national
programme. COMPAS has encouraged BHCC to complete its action
plan by the end of the calendar year 2021. The Brighton & Hove
taskforce met in January and April 2021 and an initial action plan
has been developed. Further work on the action plan including
consultation on the draft has been paused as staff resources have
been directed to the urgent resettlement of Afghan evacuees on the
government's resettlement programmes. Work on the inclusive cities
action plan is expected to restart in January 2022 when dedicated
staff, funded through the government programmes, to deliver the
Afghan resettlement scheme have been recruited.
|
|
Ensure the
council’s Budget Strategy clearly communicates policy
priorities, funding and resourcing and aligns with statutory
agencies and other key institutions to better manage the
risk
|
Chief Finance
Officer
|
50
|
31/03/22
|
07/01/20
|
31/03/22
|
|
Comments:
The
Corporate Plan (A Fairer and Sustainable City) was approved in
February 2020. The 2021/22 budget includes investments linked to
each of the Corporate Plan priorities. This includes recurrent,
one-off and capital investments. Future Corporate Plan
commitments, including Carbon Net Zero, are built into the Capital
Investment Programme, where known, and revenue investment of
£1m pa is currently assumed in the Medium Term Financial
Strategy. The annual budget will categorise all investments against
Corporate Plan priorities to ensure clear understanding of how the
council’s budget and capital programme will support agreed
priorities.
|
|
Forming and
sustaining strategic partnerships
|
Head of Policy,
Partnerships & Scrutiny
|
25
|
31/03/24
|
18/11/21
|
31/03/24
|
|
Comments:
We have
established partnerships across the city and sub region, but these have
been impacted by the pandemic and lack of opportunity to convene
in-person meetings. Some partnerships have been maintained via virtual
meetings, but there is an increasing need to adapt our practice to
take account of these developments. We presented to City Management
Board recently and agreed to take work further, though this could
be impacted by White Paper on Levelling up and Devolution, possibly
requiring new arrangements and focus in local areas.
|
|
Full and active
member of the Local Resilience Forum
|
Head of Safer
Communities
|
75
|
31/03/23
|
01/04/20
|
31/03/23
|
|
Comments:
BHCC
are active members of the local Sussex Resilience Forum. Officers
from the Emergency Planning and Resilience team attend the working
groups and senior managers attend the executive group on a regular
basis. A clear action plan has been developed setting out priority
work for the group to undertake such as ensuring that emergency
plans for each local authority are fit for purpose and that
learning and development can be rolled out to ensure that staff are
aware of their roles and responsibilities going forward. Several
workstreams have been developed including death management,
weather and environment, events, communications and community
resilience. The Sussex Resilience Forum links to local health
resilience partnership and the Sussex health responders.
|
|
Programme to
enhance the council's role to support the city economy and promote
business
|
Executive Director
Economy, Environment & Culture
|
95
|
31/03/22
|
14/02/17
|
31/03/22
|
|
Comments:
The EEC
directorate reports Major Projects updates to Strategic Delivery
Board.
- Government Business Grants and Discretionary Grants delivered to
business that are impacted by Covid-19
- Greater Brighton Economic Board have commissioned an economic
impact assessment of Covid-19
- City Recovery Programme Governance Structure established with an
events and Economy Working Group focused upon supporting local
business and economic recovery
Steps Include:
- Covid-19 Economic Recovery Plan developed and presented to
Greater Brighton Economic Board – October 2020
- Covid-19 City Recovery Plan to be developed and presented to
P&R Recovery Sub Committee
- Arts & Culture sector recovery plan developed with sector
partners and presented to TECC Committee January
2021
- Employment & Skills Recovery Plan to be presented to P&R
Sub-Committee in March 2021
- Cultural economy recovery plan agreed November 2020
- Visitor economy recovery plan agreed by TECC committee June
2021
- Kingsway to the Sea investment plan allocated £9.5m by
government in November Spending review
- An update on the Greater Brighton economy and the impact of the
covid-19 pandemic was commissioned and presented to Greater
Brighton Economic Board – October 21
|
|
|
|
|
Risk
Code
|
Risk
|
Responsible
Officer
|
Last
Reviewed
|
Issue
Type
|
Risk
Treatment
|
Current
Rating
|
Target
Rating
|
Eff. of
Control
|
SR25
|
Insufficient
organisational capacity or resources to deliver all services as
before and respond to changing needs and changing
circumstances
|
Chief
Executive
|
17/11/21
|
Threat
|
Treat
|
|
|
Revised:
Uncertain
|
|
|
|
Causes
|
Link to Corporate
Plan 2020-23. Attributes 7 'How will the plan be delivered' actions
to achieve 'A well run council', action 7.2.
The capacity required to deliver services is impacted by a number
of internal and external factors which include:
• Budget pressures caused by reductions in Local Government
funding and the Covid-19 pandemic;
• Increasing demand for services across health and adult
social care;
• The non-defined timescale of managing the pandemic response
and recovery alongside business as usual;
• The impacts and uncertainty of Brexit, including potential
impacts on resourcing;
• A complex political environment of no overall control;
• A challenging industrial relations environment.
These affect our ability to manage the resilience of our
organisation which is exacerbated by the reduction in staffing over
the last decade, including a reduction in leadership capacity in
the top four tiers of the organisation.
|
Potential
Consequence(s)
|
1. Failure to
deliver required changes in the organisation
2. Lack of engagement from trade unions and/or complex employee
relations issues
3. Capacity to undertake change work to design high quality
services, and to redesign services in line with reduced resource is
lost
4. Difficulty of retaining the right staff with the right skills to
key posts
5. Council delivery alters and working methods change permanently
due to Covid-19 and new technology
6. Negative impact on fulfilment of actions to improve equalities
and other statutory duties
7. Partnership working becomes more fragile as a result of changed
arrangements after Covid-19
8. Personal resilience tested by increased workloads, different
ways of working and less certainty leading to potential stress and
sickness
9. Less ability to be agile and flex to the organisation’s
needs, drive high quality services and increased performance
10. Less resilience as an organisation.
|
Existing
Controls
|
First Line of
Defence: Management Controls
1. Decision making through the budget process includes effective
consideration of resources to deliver on priorities
2. Support from Performance, Improvement and Performance (PIP) and
other support services to support the modernisation programme
3. Management capacity and capability being enhanced by Leadership
Performance Management processes and Development Programme, and
support delivered via the Leadership Network.
4. Staff Survey data is analysed and priority actions agreed with
key stakeholders, with plans in place to manage these.
5. Human Resources & Organisational Development (HROD) activity
has been pulled together into single 'Our People Promise' to
maximise resource efficiencies and ensure there is an attractive
and competitive employment offer to attract and retain the right
staff with the right skills.
6. Business Planning process including Directorate Plans to
identify key priorities with named responsible officers, and plans
kept under review to manage capacity.
7. Budget process
includes capacity as a key consideration
8. Some statutory Performance Indicators (PIs) are Key PIs and are
reported regularly to ELT, quarterly or annually.
9. HR Business Partners support Directorate Management Teams (DMTS)
to monitor people related data including staff absence, compliance
with people related processes such as 121s, return to work
interviews, and wider data insight to indicate where there are
issues of capacity.
10. A robust wellbeing offer is in place, designed to address all
wellbeing needs, and also specific needs related to Covid19.
11. There is a dedicated role for Trade Unions
Relations
12. Future Ways of Working Programme Board
oversees the delivery of the Future Ways of Working Programme
13. Our People Promise Board oversees the delivery of
Our People Promise strategy
Second Line of Defence: Corporate Oversight
1. Executive Leadership Team (ELT) lead delivery of governance
arrangements and oversee Gateway process for requests for new
resources.
2. Corporate Delivery Modernisation Board (CMDB) and Directorate
Modernisation Boards have oversight of a portfolio of modernisation
projects and programmes enabling increased organisational capacity
such as ICT infrastructure, Business Improvement, Workstyles,
People and Culture Change, including the Future Ways of Working,
Our People Promise and Fair and Inclusive Workplace
programmes.
3. Constitutional Working Group input to streamline governance
arrangements and structure
4. ELT and City Management Board exchange details of working
arrangements and changes to key personnel across
organisations.
5. Members Policy Chairs Board and Policy & Resources Committee
have oversight of key policy priorities.
6. Corporate Equalities Delivery Group oversee the delivery of the
Fair & Inclusive Action Plan and Directorate Equalities
Delivery Groups
7. Reviewed by
A&S Committee in March 2021, July 2019.
Third Line of
Defence Independent Assurance:
1. Local Government Peer Review 2017 focused on Leadership and
Industrial Relations.
2. Internal Audit
* 2021/22: Performance Review Compliance - PDPs
and 1 to 1s (Partial Assurance), Agency Staff Contract (Reasonable
Assurance)
* 2020/21: Recruitment (Reasonable Assurance),
Working Time Directive (Partial Assurance)
* 2018/19: Personal Service Companies and Use of
Consultants (Reasonable Assurance), Wellbeing Project (Substantial
Assurance)
Reason for Uncertainty in Effectiveness of Controls: Decisions on
priorities and resource could impact on the capacity of officers
to deliver on all priorities identified, whilst maintaining
services
|
|
Risk
Action
|
Responsible
Officer
|
Progress
%
|
Due
Date
|
Start
Date
|
End
Date
|
|
Deliver the Fair
and Inclusive Action Plan
|
Director of Human
Resources & Organisational Development
|
65
|
31/03/23
|
01/04/19
|
31/03/23
|
|
Comments:
Modernisation funds
have been secured to continue to progress this work through to
March 2023 as part of the wider Our People Promise programme. The
Fair and Inclusive Action Plan (FIAP) has four workstreams
including Accountability & Consequences, Learning &
Development, Recruitment, Retention and Progression and Communities
and Services. Priority actions to achieve the successful
recruitment and retention of staff at all levels from communities
not currently proportionately represented within the workforce
include delivery of insight programmes, inclusive recruitment
training for managers and a review of our Recruitment &
Selection Policy. This work will address disproportionate
outcomes of the recruitment process, such as BME applicants being
less likely to be shortlisted or employed in the middle and upper
pay bands. A range of coaching and training is also being
offered to increase development opportunities for staff
under-represented in the middle and upper pay bands, as well as the
new Diverse Talent programme being launched in January 2022 for BME
staff employed at grades 3-6. Actions to improve the
experience of disabled staff as reported in the Staff Survey 2021
include improving the workplace adjustments process, providing
disability awareness training across the organisation, ensuring
opportunities for development and implementation of an IT&D
Accessibility project. Measures of success:
Deliver specified and non-cashable benefits for the
project/programme (March 2022). 5% improvement in staff
survey results against ‘The organisation feels like a fair
and inclusive place to work’ (Staff Survey – May 2021,
to be measured in survey May 2023).
The work continues to be developed and implemented and progressed
in collaboration with our workers fora and trade unions. It
is reported and tracked through the People and Culture Change Board
which is chaired by the Assistant Director HROD, as well as
oversight from the Corporate Equality Delivery Group, chaired by
the Chief Executive.
|
|
Deliver the Future
Ways of Working Programme, which includes new use of technologies
and accommodation
|
Director of Human
Resources & Organisational Development
|
50
|
31/10/22
|
01/11/21
|
31/10/22
|
|
Comments:
The
Focus Group engagement has built upon the significant amount of
initial work taken place to consider future ways of working during
Covid19 and continues to be developed in partnership with staff
representatives and worker forums. This is to ensure we take
advantage of new ways of working established during Covid19 and
maximise potential efficiencies in how we use resources by building
an employment offer that:
1. delivers to our customer,
2. supports staff wellbeing,
3. is inclusive and accessible,
4. makes us an employer of choice
5. considers our carbon footprint and
6. supports our members
New ways of working continue to be designed to inform improvements
for the Customer Experience programme and the more efficient use of
resources which take the opportunities to embed digital and
sustainable recovery. Continuing deployment of new technologies,
and in particular tools to support collaboration and flexible
working (such as the roll-out of Microsoft 365 and applications)
will support staff to have more choice and flexibility in where and
the way they work. This is aligned with the Our People Promise
programme (a great place to work) and increases how time can be
spent productively (less travel and improved information
management).
Our planned and phased reintroduction to offices from September has
gone well which was supported with a range of tools, training and
assistance for staff and managers and informed by the Focus
Groups. A Collaboration Space Pilot will be launched in early
January 2022 to test different office set-ups, with further
exploration and piloting leading to a full business case on future
Accommodation Strategy during 2022.
|
|
Deliver the Our
People Promise Strategy
|
Director of Human
Resources & Organisational Development
|
75
|
31/03/23
|
01/04/19
|
31/03/23
|
|
Comments:
The Our
People Promise (OPP) Strategy provides the following
commitments:
- We promise to support your wellbeing at work
- We promise that we will be a fair & inclusive place to
work
- We promise you opportunities to do your best
- We promise to say “well done”, recognise and reward
you for great work
- We promise you a good place to work so we can do the best for our
city
These commitments were developed through the feedback staff gave in
the 2017 staff survey, and participation by staff from all
directorates in a 2018 Think BIG (business improvement group)
session. Initiatives and actions delivered through these promises
have led to improvements in the 2021 staff survey results.
The Our People Promise (OPP) Strategy is being further developed to
provide an updated strategy and programme plan to maximise resource
efficiencies and to ensure there is an attractive and competitive
employment offer to attract and retain the right staff with the
right skills. Following the 2021 staff survey the OPP actions are
being refreshed to ensure current issues and risks are being
mitigated. A draft plan will be considered by the OPP board in
December 2021, followed by internal stakeholder input from
January-March 2022. A programme plan and strategy document will be
produced for 2022/2023.
|
|
|
|
|
|
Risk
Code
|
Risk
|
Responsible
Officer
|
Last
Reviewed
|
Issue
Type
|
Risk
Treatment
|
Current
Rating
|
Target
Rating
|
Eff. of
Control
|
SR10
|
Corporate
information assets are inadequately controlled and vulnerable to
cyber-attack
|
Chief
Executive
|
17/11/21
|
Threat
|
Treat
|
|
|
Revised:
Uncertain
|
|
|
Causes
|
BHCC is highly
dependent on its digital information asset (more than 300 business
systems containing tens of millions of records and more than
20 million inbound and outbound emails a year).
This asset is vulnerable to cyber-attack from several threat actors
including employees, cyber criminals, hackers and to some extent
foreign states.
In addition to an intentional cyber-attack, the sensitive
information (personal citizen information or corporate sensitive
information) is vulnerable to accidental loss or accidental
publication.
The growing volume of digital information (compounded by the
tendency to over retain information), the pervasiveness of digital
technologies and sophistication of cyber threat requires a
constantly evolving approach to cyber security, Information
Governance (IG) and Information Management to combat this
threat.
The ways of working adopted during the current Covid-19 (C-19)
pandemic heighten this risk and would make recovery more
challenging.
This risk is linked to the Corporate Plan Outcome: ' A well run
city: Keeping the city safe, clean, moving and
connected'.
|
Potential
Consequence(s)
|
• A successful
large-scale cyber-attack could halt the entire operation of the
organisation. A successful medium scale cyber-attack would severely
disrupt services by preventing access to information, payments and/or
communication. This would have a tangible impact on citizens' lives
and greatly increase the potential for physical harm and even death
due to the impact on service delivery
• A successful medium scale cyber-attack would have serious
financial impact. The cost of recovery and repair (and potentially
imposed penalties) is likely to exceed £10million
• Any loss of data (either through attack or accident) is
likely to damage the council’s reputation with the public who
entrust us with their information
• The Public Services Network (PSN) & Health & Social
Care Information Centre (HSCIC) could impose operational sanctions
which would be catastrophic for many services.
|
Existing
Controls
|
First Line of
Defence: Management Action
Prevention - Technical Controls
• Corporate firewall to monitor and control incoming and
outgoing network traffic.
• Hard drive protection to prevent access to information on
lost or stolen devices.
• Password policy in line with NCSC (National Cyber Security
Centre) advice.
• Hosting in a tier three, ISO 27001 Certified
datacentre.
• Secure e-mail (using NCSC Mail Check to maintain DMARC, SPF,
DKIM and TLS configurations).
• Patching regime in place across entire estate.
• Annual health checks and penetration tests.
• Membership of South East WARP (Warning, Advice and Reporting
Point, organised by the National Cyber Security Centre) providing
up-to-date advice on information security threats, incidents and
solutions.
• IT&D incident management process integrating data breach
and cyber security incidents.
• Procurement of all new and changed applications is subject
to review against IS and IG standards.
Prevention – Behavioural Controls
The council's Behaviour Framework applies to all staff and
includes under 'Behaving Professionally' the text “I handle
confidential matters and information discreetly and within set
guidelines (e.g. Data Protection, data sharing protocols)”.
• Online IG training is published on the learning gateway and
cyber-security sessions delivered by the local police cyber-crime
unit have been made available to all staff.
• A variety of guidance materials (including guidance on
strong password creation, phishing and working from home safely
during c-19) are published on the Wave.
• Privacy impact assessments (PIAs) conducted for all new
business processes and systems involving personal information.
Recovery Controls
• Documented major incident process in place.
• Basic recovery procedures documented for major
systems.
• Full backups of business data for all internally hosted
applications.
• Shared Orbis expertise - 5 CISSP (Certified Information
Systems Security Professional) qualified staff working in the
partnership.
• Managed relationship with ICO (Information Commissioner's
Office).
Second Line of
Defence: Corporate Oversight
• A suite of Information Governance Policies are regularly
reviewed and approved by IGB.
• An information risk register is regularly reviewed by
Information Governance Board (IGB) and the Senior Information Risk
Owner (SIRO).
• The Senior Information Risk Owner (SIRO) is briefed monthly
on areas of risk.
• The Information Governance Board (“IGB”)
oversees and provides leadership on Information Risk Management and
obligations arising from legislation such as the Data Protection
Act (DPA) 1998 & Freedom of Information (FOI) Act 1998.
• The Caldicott Guardians (Executive Directors Families,
Children & Learning; and Health & Social Care) have
corporate responsibility for protecting the confidentiality of
Health and Social Care service-user information and enabling
appropriate information sharing.
• The Information Governance Team operates as an independent
function to provide advice, guidance and oversight in key
areas.
• Information Governance and Cyber Security receives oversight
from the Audit and Standards Committee.
• A Joint Orbis Data Protection Officer (DPO) has been in post
as of May 2018. This role assists in the monitoring of internal
compliance, provides advice on data protection obligations and Data
Protection Impact Assessments (DPIAs).
• Reviewed by
A&S Committee in July 2019, January 2021.
Third Line of Defence: Independent Assurance
1. Internal and external IT audits provide an objective evaluation
of the design and effectiveness of IT&D's internal controls. An
annual Internal Audit schedule is agreed with internal audit; some
focus audits specifically on Information Governance (IG) areas, but
all will cover some aspect of IG. The outcome of all audits is
reported to the Audit and Standards Committee quarterly.
* 2021/22: Email Communication - personal
and sensitive encryption (Reasonable Assurance), DWP/Searchlight
System Security Compliance (Reasonable Assurance)
* 2020/21: Cyber Security (Reasonable
Assurance), IT Asset Management during Covid 19 (Reasonable
Assurance), GDPR (Reasonable Assurance), IT Access Management
(Partial Assurance), Housing Management System Implementation
(Partial Assurance)
* 2019/20: ICT Compliance Framework
(Reasonable Assurance), Network Security (Partial Assurance),
Mobile Device Management (Reasonable Assurance), Purchasing Card
System (Reasonable Assurance), Main Accounting System (Substantial
Assurance)
2. IT Health Check (ITHC) performed by a
‘CHECK’/‘CREST’ approved external service
provider – covering both applications and infrastructure
assurance. The ITHC approach has been updated to include one
standard annual check and one targeted solution specific check
(e.g. the mobile service).
3. Continued assurance from compliance regimes, including Public
Sector Network (PSN) CoCo (Code of Connection); NHS Digital Data
Security and Protection (DSP) Toolkit; and Payment Card Industry
Data Security Standard (PCI DSS).
Reason for Uncertain status for effectiveness of controls: Cyber
threats are evolving to become more sophisticated and our growing
dependence on technology means that the impact of a successful
attack has greatly increased. Proportionate technical and
behavioural mitigation of this risk may not prevent a highly
sophisticated, persistent attack.
While we recognise the need for transparency and accountability,
for the purpose of this report, information which may compromise
security or in some way increase the organisation’s
vulnerability to cyber-attack may have been withheld.
|
|
Risk
Action
|
Responsible
Officer
|
Progress
%
|
Due
Date
|
Start
Date
|
End
Date
|
|
Prevention -
Technical Controls: Compile a ‘Systems League Table’ to
measure the relative ‘risk’ of the top 25 systems in
use at BHCC to act as a comparison of maturity and a signpost for
future work
|
Head of Strategy
& Engagement
|
25
|
31/03/22
|
01/04/20
|
31/03/22
|
|
Comments:
December '21
update: This work is deemed low priority and has been deferred due
to resource issues in the Info Sec team
|
|
Prevention -
Technical Controls: Deploy MetaCompliance’s (supplier)
MetaPlatform (application) to support an improved approach to
information asset management in the business
|
Head of Strategy
& Engagement
|
75
|
28/02/22
|
01/07/20
|
28/02/22
|
|
Comments:
December '21
update: Deployment has been delayed to align with Orbis partners,
but the build of the Data Privacy Impact Assessment (DPIA) process
has now been completed in the ESCC tenancy. Transfer of the build
to the BHCC tenancy will commence shortly with testing planned for
early 2022.
|
|
Prevention -
Technical Controls: Deployment of SharePoint online and OneDrive
(and decommissioning of P: and S: drives). This project will aim to
rationalise unstructured data in all services (identify duplicates
and inform management decisions around retention, destruction and
data quality improvement).
|
Head of Strategy
& Engagement
|
20
|
01/04/23
|
01/04/21
|
01/04/23
|
|
Comments:
December '21
update: Over 60 training sessions have now been completed with FCL
staff. Roll-out for ELT, Councillors & DMTs is now underway.
Work is on track but this is a long term programme.
|
|
Prevention -
Technical Controls: Improve Information Risk Management function.
This will include a risk register visible to IGB, SIRO & DPO
and clear processes and guidance.
|
Head of Strategy
& Engagement
|
100
|
31/08/21
|
01/04/20
|
31/08/21
|
|
Comments:
December '21
update: A major risk register is now in place. Further review and
future developments will be picked up in the New Year
|
|
Prevention -
Technical Controls: Lead a cross-dept. collaboration to develop a
surveillance camera toolkit to support compliant acquisition,
monitoring and evolution of surveillance cameras across the local
authority
|
Head of Strategy
& Engagement
|
20
|
31/08/21
|
01/10/20
|
31/08/21
|
|
Comments:
December '21
update: The cross-directorate collaboration was put on hold during
covid due to the unavailability of the SRO (Nick Hibberd) and the
Programme Manager (Ben Miles). It is now proposed to run this
programme from the central team. An asset register template
has been produced and will shortly be populated by City Environment
as a test case. It is also proposed to get involved in the
reconfiguration of the traffic control centre and use this as a
means to develop surveillance camera commissioner compliant
tooling.
|
|
Prevention -
Technical Controls: Migrate all instances of SQL 2012 databases (End
of Life, July 2022) and Windows Server 2012 (End of Life, Oct
2023)
|
Head of Strategy
& Engagement
|
0
|
29/09/23
|
01/04/21
|
29/09/23
|
|
Comments:
December '21
update: Any SQL2012 databases (EOL July 2022) are on track to be
decommissioned by March '22. Any Windows Server 2012 (EOL Oct 2023)
will start to be removed from April '22.
|
|
Prevention -
Technical Controls: Review and improve the cyber incident
management process, including better use of Cherwell (IT&D's
incident management system which appears to staff as ‘My
servicehub online’).
|
Head of Strategy
& Engagement
|
80
|
28/02/22
|
01/04/20
|
28/02/22
|
|
Comments:
December '21
update: Cyber Incident review with Zurich is in progress.
Documentation and a desktop exercise with Chief Exec will be
scheduled for completion by end of Feb 2022
|
|
Prevention -
Technical Controls: Review and improve user access controls
(network and application access rights for starters, leavers and
movers) via the Access Management project
|
Head of Strategy
& Engagement
|
40
|
01/04/22
|
02/04/18
|
01/04/22
|
|
Comments:
December '21
update: Following its pause during the pandemic, the restarted
project has completed a discovery phase (including the review of
all associated audit reports) and created a new high level
technical design (signed off by project board). The next phase will
create a delivery plan.
|
|
|
|
|
|
|
Risk Code | Risk | Responsible Officer | Last Reviewed | Issue Type | Risk Treatment | Current Rating | Target Rating | Eff. of Control
SR18 | The organisation is unable to deliver its functions in a modern, efficient way due to the lack of investment in and exploitation of technology | Director of Human Resources & Organisational Development | 17/11/21 | Threat | Treat | | | Revised: Adequate
|
|
|
Causes
|
The organisation is
highly dependent on technology for the delivery of services.
However, technology requires ongoing financial investment to keep
pace with the expectations of staff and customers and avoid
technology failures which lead to disruption to services.
Investment can be sub-divided into 5 key areas:
1. Investment in foundational technology: ensuring a reliable and
secure infrastructure
2. Investment in ‘end user’ technology: provide
appropriate devices, corporate systems, and office productivity
tools
3. Investment in business applications: ensuring service owned
systems are fit for purpose
4. Investment in digital transformation: enabling modernisation
programmes to develop and utilise new digital approaches and
technologies
5. Investment in leadership and staff: improving our leaders and
staff’s tech competencies and ensuring the opportunities
provided by technology are recognised and exploited
Link to Corporate Plan: Outcome: ' A well run city: Keeping the
city safe, clean, moving and connected'
|
Potential
Consequence(s)
|
1. Investment in
foundational technology
BHCC will be more vulnerable to cyber-attack (SR10) as well as
regular service outages caused by systems failure. This will result
in failure to deliver services, a loss of revenue, an increased
risk to residents and a negative impact on staff morale
2. Investment in ‘end user’ technology
Lack of (or inadequate) end user technology will limit service
ability to achieve relevant corporate plan objectives/make the
required service improvements. It will also have a negative impact
on staff morale and make it more challenging to attract and retain
talent due to not meeting expectations of a modern working
environment.
3. Investment in business applications
Continuing to run business specific applications which are not fit
for purpose will limit service ability to achieve relevant
corporate plan objectives. They will also put the organisation at
greater risk of cyber-attack (SR10) and raise risks associated with
poor information management, accessibility, and interoperability
with digital products.
4. Investment in digital transformation
Digital transformation underpins the organisation’s ability
to deliver value for money services, provide excellent customer
service and create organisational agility. Inadequate investment
(and investment that is not balanced across the multiple
facets of digital - cultural change, process improvement and
digital technologies) will lead to a failure to meet these
corporate objectives. It will also have a negative impact on staff
morale and negatively impact the council’s and city’s
reputation as a digital city.
5. Investment in leadership and staff
Managers and leaders require support to understand the implications
of new technologies and how they can be utilised. Staff will need
to be supported to become more digitally curious and engaged and
have the confidence to adopt new ways of working. Without the
investment to support these changes, the value of any investment in
technology will be lost.
|
Existing
Controls
|
First Line of
Defence: Management Action
1. Investment in foundational technology
a. Planned annual
capital investment in foundational IT (a share of £1M split
between foundational and end user technology) is managed through a
structured capital investment programme Foundational IT (FIT),
formerly ‘Digital Organisation Programme’ (DOP), with the
appropriate programme structures and artifacts and oversight via
the Corporate Modernisation Board (CMDB)
b. Exceptional
capital investment is approved at CMDB and managed alongside
planned capital investment.
c. Investment
programmes to date have delivered multiple new capabilities
including - off site, secure Data Centre storage (ODC); Platform
migrations (Citrix and Windows10), a GDS (Government Digital
Services) security accreditation mail service, ubiquitous wi-fi
capabilities across all BHCC offices, and remote working service
(AOVPN) for the entire workforce
2. Investment in ‘end user’ technology
a. Planned annual
capital investment in ‘end user’ technology (a share of
£1M split between foundational and end user technology) is
managed through a structured capital investment programme
Foundational IT (FIT), formerly ‘Digital Organisation
Programme’ (DOP), with the appropriate programme structures and
artifacts and oversight via the Corporate Modernisation Board
(CMDB)
b. Exceptional
capital investment is approved at CMDB and managed alongside
planned capital investment.
c. Investment
programmes to date have delivered multiple new capabilities
including – the creation of a new mobile service and the
introduction of 1800+ iPhones/tablets and the introduction of 3,000
new laptop devices.
3. Investment in business applications
a. With oversight from CMDB, investment in the
Eclipse programme (£2.8M) to replace the core social work
case management system.
b. Investment in
the replacement of the housing management system.
4. Investment in organisational transformation
a. With oversight
from CMDB, investment via the Digital Customer programme
(£1.7M) has sponsored multiple digital transformation
projects including corporate web migration, MyAccount, Customer
Index/Viewer project and the Contact Management project
b. Ad hoc digital
improvements were made as part of the Covid response including the
Clinically Extremely Vulnerable (CEV) App, Community Hub app, Free
school meals app, PPE form, Homeless food delivery, Discretionary
grant application, Business grant application, etc
5. Investment in leadership and staff
a. Leadership
Network is a forum for developing leaders
Second Line of Defence: Corporate Oversight
1. Corporate Modernisation Delivery Board (CMDB) oversees the
alignment of programmes and projects to the Corporate Plan aims and
review any gaps. This includes the oversight of the Foundational IT
programme (FIT), Digital Customer programme and the Future
Ways of Working programme
2. Executive Leadership Team (ELT) have oversight of the biannual
staff survey and specifically the relevant indicator ‘I have
access to the equipment, systems & resources I need to do my
job effectively’ (2021: 71%, 2019: 57%, 2017: 55%)
3. Tech & Digital Board in place to review progress, identify
interventions where strategic changes on IT are required, and
produce a re-focused strategy that aligns the needs of
services
4. 31Ten are
providing consultancy around digital strategy.
5. Silversands have provided assurance around Microsoft
365.
6. The Audit &
Standards Committee reviewed this risk in January 2021 and July
2019.
Third Line of Defence: Independent Assurance
1. Internal Audit:
* 2021/22: MCM Housing Repairs Application (Reasonable
Assurance)
* 2020/21: Care System Replacement Project –
Eclipse (Reasonable Assurance), Housing Management System
Implementation (Partial Assurance), Cloud Computing (Reasonable
Assurance), IT Access Management (Partial Assurance)
* 2019/20: Mobile Device Management (Reasonable
Assurance), Surveillance Cameras (Partial Assurance)
* 2018/19: Digital First (Minimal Assurance), Housing
Management System Replacement (Reasonable Assurance), Care
management system re-procurement (Reasonable Assurance)
|
|
Risk Action | Responsible Officer | Progress % | Due Date | Start Date | End Date
Investment in ‘end user’ technology - Foundational IT Programme: Deployment, adoption and training of new information management tools (Microsoft365) to replace personal/shared drives & wave | Head of Strategy & Engagement | 30 | 31/03/23 | 01/04/20 | 31/03/23
Comments:
December '21
update: The planned rollout of Microsoft365 was adjusted in order
to respond to the c-19 pandemic and the urgent need for remote
working. As a result, deployment of MS Teams for communications and
OneDrive was brought forward to mid-2020 (for all Windows10
users). Subsequently, a new information architecture to replace
shared drives and personal drives has been developed and 'full' MS
Teams is currently being deployed. SharePoint online will be
deployed from early 2022. Enhancements to the offer
(e.g. Teams Recording & MS Forms) will continue to be deployed
intermittently. The use of SharePoint online to replace the current
intranet (The Wave) has been signed off and a phase one 'content
migration' project has been initiated.
|
|
Investment in ‘end user’ technology - Foundational IT Programme: Strategic Telephony Review | Head of Strategy & Engagement | 10 | 31/03/23 | 01/04/20 | 31/03/23
Comments:
December '21
update: Currently in phase 1/4 - Migrating Centrex analogue phone
system to 8x8 cloud telephony. The contract is due for signing
before the end of year.
|
|
Investment in business applications: Social Care and Housing service projects to replace core systems of record and establish improved data management practices | Head of Strategy & Engagement | 100 | 31/08/21 | 20/04/17 | 31/08/21
Comments:
December '21
update: NPS Housing (now known as NEC Housing) went live on 19 July
2021. All staff were trained in the new system. We have
recently undertaken a survey of staff to see how it is bedding in
after 4 months of running and are looking at how improvements can
be made to ensure the new system improves the service for staff and
customers. Eclipse went live on 22 November 2021 and replaced
CareFirst for social care. In both cases there will be substantial
follow up activity as other modules/'add-ons' are brought
online.
|
|
Investment in business applications: Strategic review of HR & Financial information systems | Chief Finance Officer | 10 | 31/05/22 | 16/11/21 | 31/05/22
Comments:
Dec-21:
SOTICIM
have been appointed to carry out an options appraisal to establish
the next steps for the corporate systems strategy. These options
will lead to a decision about either upgrading or replacing the HR
& Financial information systems to ensure the organisation has
the systems required to enable us to deliver our plans. Core
functionality, user friendly, maximise automation/integration,
accessibility in line with statutory requirements, best value for
money. Several workshops have taken place with key
stakeholders.
|
|
Investment in digital transformation - Data Management/BI: Establishing a framework for Data Management via a Data Governance Framework Steering Group | Head of Strategy & Engagement | 5 | 31/03/24 | 29/09/21 | 31/03/24
Comments:
December ’21
update: Scope, membership and ToR of the Governance group agreed at
the first two meetings.
|
|
Investment in digital transformation - Digital Customer: Contact Management - Onboarding additional services. Building basic CRM capability. | Head of Strategy & Engagement | 10 | 31/03/24 | 01/11/21 | 31/03/24
Comments:
December ’21
update: Contact the council has been migrated from Mendix and fully
integrated with Contact Manager. BusOps, City Parks, Councillor
enquiries and Travel & Transport have been onboarded.
|
|
Investment in digital transformation - Digital Customer: Website and MyAccount. Implement a series of improvements to the MyAccount customer experience, including mobile experience. Rationalise online forms to align with ‘Customer Hubs’ and improve targeted contact. Implement website content strategy leading to improved customer experience, findability and MyAccount integration. | Head of Strategy & Engagement | 10 | 31/03/24 | 01/11/21 | 31/03/24
Comments:
December '21
update: Future planning for Website and MyAccount has been agreed
and a Digital Support Technician has been recruited.
|
|
Investment in foundational technology: Foundational IT Programme: a series of ongoing improvements to the speed and reliability of the underlying corporate infrastructure. | Head of Strategy & Engagement | 30 | 31/03/23 | 01/04/20 | 31/03/23
Comments:
December '21
update: Remote connectivity using 'Always On VPN' has now been
stabilised. Additionally, a project has been initiated to refresh
the end of life LAN network infrastructure to enable Portslade Hub,
and single sign-on network password reset has been enabled for all
users.
|
|
Investment in leadership and staff: Establish a digital skills framework for BHCC and ensure the appropriate learning & development solutions are made available and communicated to all staff | HR Business Partner | 5 | 31/03/23 | 17/11/21 | 31/03/23
Comments:
This is
currently being scoped and we are utilising the Government Digital
Skills Framework. We are identifying service champions to support
this work.
|
|
|
|
|
|
|
Risk Code | Risk | Responsible Officer | Last Reviewed | Issue Type | Risk Treatment | Current Rating | Target Rating | Eff. of Control
SR32 | Challenges in ensuring robust & effective health & safety measures, leading to personal injury, prosecution, financial losses, or reputational damage | Director of Human Resources & Organisational Development | 17/11/21 | Threat | Treat | | | Revised: Adequate
|
|
|
Causes
|
Link to Corporate
Plan 2020-23: Attributes 7. How will the plan be delivered. Actions
to achieve A well run council.
To ensure that the council meets the requirements of law and
controls the likelihood and impact of risks which have potential to
cause harm to residents, visitors and stakeholders there must be
robust oversight of arrangements in delivering services and
procuring goods to meet health and safety (H&S) legislation and
other regulatory requirements. This includes responding to the
global COVID-19 pandemic to ensure the safety and health of our
staff and residents of the City. This is challenged by reducing
resources, increasing demands and changes to our operating
environment, and increased focus by regulators.
|
Potential
Consequence(s)
|
* Actual and
potential harm
* Ability to respond to COVID-19 involves new skills and increased
pace of response
* Custodial sentences for duty holders
* Fines and litigation
* Resources not well directed with implications for
efficiency
* Decisions made are challenged
* Increased costs of rectifying mistakes
* Financial stability of organisation compromised
* Reputational damage.
|
Existing
Controls
|
First Line of
Defence: Management Controls
1. Health &
Safety (H&S) policy which sets out roles, responsibilities and
arrangements
2. Access to
competent advice (Health & Safety team) including technical
fire safety and lead investigation of all health & safety
incidents
3. Safety
management framework - Team Safety. Link to HR processes e.g.
working time directive returns which triggers risk assessment for
the individual
4. Deployment of
H&S expertise to support high priorities identified e.g.
COVID-19 response; staff support to Housing and City Environment
Management (CEM)
5. H&S Training
core programme (online learning and face to face where
essential)
6. Fire Risk
Assessments (FRAs) in place on council buildings with a programme
of review which is monitored by Head of Health and Safety and AD
Property and Design
7. Wellbeing
Steering Group coordinated by Health & Safety with membership
including workforce reps identifies targeted support for staff
through feedback and links to local and national
campaigns
8. Housing Fire
Health and Safety Board (Council, ESFRS) continue to oversee
co-ordination of resources and manage actions through to
completion. Ongoing monitoring of outcome of Grenfell Public
Inquiry and any potential implications for the council relating to
housing. The enforcing authority are supportive of the council's
approach and have developed joint partnership working to assess
and manage fire risk.
9. The Assurance
Group has been re-established and has oversight of the Health &
Safety Strategic Action Plan. The response to Covid continues
to impact on officers’ capacity across the council and is
delaying the progression of some of the activities outlined in the
plan.
10. H&S
Membership at Safety Advisory Group/Major Incident Support Team
(MIST)
Second Line of
Defence - Corporate Oversight
1. COVID-19 Regular
meetings: COVID-19 Recovery Working Groups covering specific
aspects (e.g. PPE and Ways of Working); and Directorate
Consultative Meetings with Unions (separate School Union meeting)
take place regularly.
2. The Corporate
H&S Committee is being reformed as the Corporate (H&S)
Consultative Forum with new dates being planned from November
2021.
3. Corporate
H&S Team assess assurance levels for general H&S based on
H&S Checklists linked to Team Safety plans. Assurance work
ongoing in relation to quality checking school and council services
COVID-19 risk assessments and arrangements.
4. H&S audit
programme has been paused because of COVID-19 and will be
re-assessed as part of the wider COVID-19 Secure assurance work and
review of the H&S Strategic Action Plan. The new audit
plan is underway, with the first stage being corporate
risk profiling. This is underway across all directorates and
the findings will be used to inform prioritised and targeted
audits.
5. Housing, Fire,
Health & Safety Board meets regularly and includes representation
from East Sussex Fire & Rescue Service, the council's Health
& Safety, Communications and Building Control Teams and housing
managers
6. The Economy,
Environment and Culture health & safety board oversees
co-ordination of resources to manage risk and emerging safety
issues
7. Community
initiatives partnership, governance and escalation through Members
existing governance structures
8. Ongoing
assurance will be managed through the health and safety strategic
action plan, in particular the corporate risk profiling is a key
activity. Information obtained from the corporate risk
profiling will be available for external parties undertaking
inspections and quality assurance.
9. Reviewed at
Audit & Standards Committee in January 2021 and September
2019.
Third Line of
Defence: Independent Assurance
1. Post Grenfell
tragedy (June 2017) information required by Ministry of Housing
Communities and Local Government (MHCLG) in relation to council
owned blocks was provided. The Council provide data to MHCLG on
private sector blocks visual inspections.
2. East Sussex Fire
& Rescue Service (ESFRS) Regulatory Reform (Fire Safety) Order
- ESFRS undertake citywide audits according to a prioritised
programme which includes a range of council buildings. No
inspections of council buildings have led to the need for
enforcement action. All Council high rise buildings have been
visited by ESFRS.
3. A Notice of
Contravention issued by the HSE in response to their investigation
into the fatality in a school Feb 2019 outlined necessary action.
The council have responded to the NOC and no further comment has
been provided by the HSE.
4. HSE Control of
Vibration unannounced inspection in City Parks in October 2017,
linked to national focus on work related health. Areas for
improvement were identified, which has led to development of an action
plan with assigned leads and timescales for action. HSE responded
to RIDDOR reports specifically on vibration in March 2018 visiting
City Parks and City Clean. A request for an update on progress was
responded to in October 2020.
5. After Inquest
re. fatality of a council employee in 2018 the BHCC Coroner issued
a Regulation 28: Report to Prevent Future Deaths in March 2019.
Head of Health & Safety and Senior Lawyer prepared a letter in
response to outline the activity of the council to address the
issues raised within the Regulation 28 Report, and our plans to
address the long-term corporate issues. This is managed through the
Health & Safety Strategic Action Plan.
6. Royal Society
for the Prevention of Accidents (RoSPA) undertook an independent
audit of BHCC’s health and safety framework and arrangements
between 1-3rd and 10th December 2020. Final report issued from
RoSPA February 2021. Key elements from the RoSPA report have been
included in the strategic action plan.
7. Ofsted and CQC
undertake statutory audits of schools, educational settings and
care homes and care services.
|
|
Risk Action | Responsible Officer | Progress % | Due Date | Start Date | End Date
Develop Wellbeing Strategy informed by the bi-annual 'Well Workforce Survey'. | Interim Head of Health and Safety | 75 | 31/03/22 | 01/04/19 | 31/03/22
Comments:
Jan-22: The
Wellbeing Strategy is under review to ensure planned activities
remain relevant and link to local and national priorities and
campaigns. This includes ensuring appropriate resource is
identified and in place to deliver this important work. The
wellbeing action plan will continue to be overseen by the Our
People Promise Board. Themes arising from the all Staff
Survey will continue to feed into the action plan.
|
|
Housing Fire Safety Board plan and monitor the ongoing programme of sprinkler installations in the council's housing stock as approved by Housing Committee | Assistant Director Housing | 50 | 31/03/22 | 01/04/16 | 31/03/22
Comments:
Nov-21:
Work with ESFRS on the Building Risk Review program, to promote
engagement and data sharing around higher risk residential
buildings with a view to agreeing a single point of contact.
Continue joint monitoring of statutory fire risk assessment and
other duties and a risk based approach to investment and response
to issues arising, including fire doors in council blocks. Ensure
emerging Fire Health & Safety Standards from central government
post Grenfell are reviewed and implemented as required. In
particular, concerning issues with fire doors. Continue to update
Housing Cttee. Commission consultancy resource to review
building safety guidance post Hackitt Review and following
publication of the Building Safety Bill. Commence Planned
works programme to replace doors. Continued engagement with
ESFRS, including through Housing Fire Health & Safety
Board.
|
|
Re-assess Team requirements to deliver an effective H&S service to manage this risk (both core and COVID-19 risks) | Interim Head of Health and Safety | 75 | 31/03/22 | 01/09/20 | 31/03/22
Comments:
Nov-21:
Supporting the Covid response has moved towards the Future ways of
working programme. Resourcing and capacity in the Health &
Safety team are reduced with continuing interim arrangements in
place. There are on-going challenges in recruiting candidates to
vacancies in the team. The H&S Assurance group has approved the
Directorate risk profiling approach. The data is now being
gathered and service priorities and adjustments to service
provision will be realigned as appropriate.
|
|
|
|
|
|
APPENDIX 2: A guide on the risk management process
including the questions Members might want to
ask of Risk Owners in relation to Strategic Risks
1. Risks are
prioritised by assigning risk scores 1-5 to the likelihood (denoted
by ‘L’) of the risk occurring, and the potential impact
(denoted by ‘I’) if it should occur. These L and I
scores are multiplied; the higher the result of L x I, the greater
the risk.
e.g. L4xI4 which denotes a
Likelihood score of 4 (Likely) x Impact score of 4 (Major), which
gives a total risk score of 16.
2. A colour coded
system, similar to the traffic light system, is used to distinguish
risks that require intervention. Red risks are the highest (15-25),
Amber risks are significant (8-14), Yellow risks are moderate
(4-7), and then Green risks are lowest (1-3).
3. The Strategic
Risk Register (SRR) mostly includes Red and Amber risks. Each
strategic risk has a unique identifying number and is prefixed by
‘SR’ representing that it is a strategic risk.
4. Each risk is
scored twice with an Initial ‘Current’ level of risk
and a Revised ‘Target’ risk score:
a) The
Initial ‘Current’ Risk Score reflects the
Existing Controls already in place under the ‘Three Lines of
Defence’ methodology. This represents good practice as it
identifies the First Line – Management Controls; Second Line
– Corporate Oversight; and Third Line – Independent
Assurance and the currency and value of each control in managing
the risk. Therefore the Initial Risk Score represents the ‘as
is’/ ‘now’ position for the risk, taking account
of existing controls.
b) The
Revised ‘Target’ Risk Score focuses on the
application of time and/or expenditure to further reduce the
likelihood or impact of each risk. It assumes that any future Risk
Actions, as detailed in risk registers, will have been delivered to
timescale and will have the desired impact.
c) The Risk
Owners are asked to consider the 4Ts of Risk Treatments –
Treat, Tolerate, Terminate, Transfer. Risk actions should reduce
the likelihood and/or impact – if neither are true, there
will not be any reason to undertake the action.
Suggested questions
for Members to ask Risk Owners and officers on Strategic Risks
The Audit & Standards Committee has a role
to monitor and form an opinion on the effectiveness of risk
management and internal control. As part of discharging this role,
the Committee focuses on specific Strategic Risks at each of their
meetings.
The Committee invite the Risk Owners of
Strategic Risks to attend Committee and answer their questions
based on detailed risk information appended to each Report.
In the Risk report, for each of the risks, the Risk Owner:
1. Describes
the risk, the causes and potential consequences and provides an
Initial ‘Current’ Risk Score which takes account
of the existing controls in place to mitigate the risk.
2. Existing
Controls are set out using the Three Lines of Defence model:
· 1st line: management controls
· 2nd line: corporate oversight
· 3rd line: independent assurance
This is provided in order
that Members can identify where the assurance comes from and how
frequently it is reviewed and, in the case of the 3rd
line, whether audits or inspections have happened and, if so,
when they happened and what the results were. Risk Owners
ensure that existing controls continue to operate effectively.
Effectiveness of controls
should be reviewed based on the certainty of how the existing
controls will mitigate the risk – adequate, uncertain,
inadequate.
3. (Future)
Risk Actions then are detailed and allocated to individuals with
progress percentages achieved against target dates, with commentary
on the current position. This provides the Revised
‘Target’ Risk Score which assumes that all the risk
actions have been successfully delivered.
The Risk Owners of Strategic Risks will always
be an Executive Leadership Team (ELT) officer. They may bring with
them to Committee other officers who are more closely connected to
the mitigating work.
Three areas of enquiry are suggested to be
explored by the A&S Committee:
1. Is the
Risk Description appropriately defined? Does the Committee
understand the cause and potential consequences? Does the Committee
feel reassured by existing controls?
2. Is the
Committee reassured that each (future) Risk Action either reduces
the impact or the likelihood of the risk? Are members reassured
that risk actions are actually being delivered?
3. In respect
of the Initial ‘Current’ and Revised
‘Target’ Risk Scores, does the Committee feel
comfortable with the Risk Owner’s assessment? The Revised
‘Target’ Risk Score represents the risk level that the
organisation is prepared to accept.
How Members and
officers can input on Strategic Risks (SRs)
The risk management process benefits from
input by Council Members and by officers at all levels. The
opportunities to do this are:
Members to ELT leads:
· Any Member can approach an ELT lead with risks that they
foresee.
· Any risk suggestion from Members will be reviewed by ELT and any
actions taken will be reported back to the relevant Member(s).
· Each SR is discussed between Members and ELT leads at the regular
meetings with Committee Chairs.
Officers to Line Manager, Directorate
Management Team (DMT) or corporate risk management lead:
· All officers are expected to escalate risks and/or suggest
mitigations to their line managers, in line with the Behaviour
Framework. If officers feel they do not have appropriate
access to their line managers, they may escalate the risk to the
corporate programme manager responsible for risk management to seek
advice.
· Risks may get discussed as part of staff meetings, PDPs/121s/ team
and service meetings or part of projects or programmes. Any
significant risks to be escalated through to their Head of Service/
Assistant Director to raise through the management chain and
discuss at quarterly DMT risk reviews.
· The ELT lead within a directorate will discuss escalated risks with
the DMT and will seek assistance as required. They have access to
ELT and determine the way forward in consultation with the
corporate programme manager responsible for risk management.
DMT to ELT:
· The quarterly SR review at ELT includes a summary of Directorate
Risks reviewed at DMTs.
· The ELT lead within a directorate will discuss escalated risks with
the ELT and determine the way forward i.e. whether to amend the
Strategic Risk Register.