Issue - meetings

The Head of Assurance (HoA) updated the Committee. It is the responsibility of all managers to manage risks within their remit. The HoA explained that he provided support and advice to managers in risk management but is not responsible management of risks themselves. Each risk owner had undertaken an assessment of their area, and this was discussed at a corporate level to ensure regular monitoring.

There were fourteen risks on the risk register at the last review and this remains the case at this review. One risk, relating to data centre failure, had been removed whilst another risk, relating to cybersecurity compromise had been added.

The data centre failure risk was removed because the Council had improved its IT environment and the Council’s core infrastructure was cloud hosted. The HoA stressed that the risk had not been completely eliminated and remained under review, however it was no longer a core risk.

In relation to cybersecurity, the HoA noted that three local authorities had been affected by high profile cybersecurity incidents which affected service provision, data loss or compromise and imposed substantial financial costs.

The Committee noted the update.