Reconciliation between Corporate Risk Register and new governance assurance areas

Current CRR Risk	Analysis / Comment	What aspects of governance are needed to address this?	New suggested ‘headline’ assurance wording / Assurance description
1	Housing - Addressing affordable housing supply and demand to meet local need	This is an area of strategic (and continuing) focus. Statistics should be presented and examined at the relevant Committee. This will also be overseen and managed through the Regeneration and Housing Theme in the IRP.	Key governance assurance themes: · Understanding housing demand · Engagement with Registered Providers · Ensuring professional and timely advice (capacity/resilience) · Ensuring guiding policies and procedures remain effective · Relevant Committee scrutiny is effective · Housing need assessment processes are in place and effective · Homelessness service is effective	Ensuring we address affordable housing supply and demand to meet local need. It is a key strategic priority for the Council to facilitate and enable the provision of affordable housing in a period of increasing need and demand and with a reduction in suitable accommodation. This is of course a national issue. We have in place a range of policies, procedures and initiatives that aim to support this priority. The X Committee will receive regular reports on progress. The Audit Committee will receive reports providing assurance regarding the governance in place.
2	Housing - Local Plan	The progress of this should be overseen at the appropriate Committee.	Managed at the relevant Committee.	N/A
3	Economy - National and regional threats to local economic prosperity	This is an area of strategic (and continuing) focus. Focus is on how the Council is working with businesses, Staines BID, Spelthorne Business Forum, etc., to provide business support, business rate relief etc.	Key governance assurance themes: · Having the appropriate information regarding: · Measuring footfall · Number of new businesses · Monitoring employment and unemployment figures To facilitate interventions and support.	Ensuring an inclusive and prosperous economy. Having an inclusive and prosperous local economy is critical for a thriving community. The Council aims to work closely with businesses to ensure their sustainability and to support those looking for work to improve their skills and find employment. The Council therefore needs to ensure it has the appropriate arrangements in place to ensure how it works with partners is effective to maximise the value of the area’s economy. The BIG Committee will monitor the specifics of the how the various initiatives are working.
4	Financial Resilience and Commercial Assets - Commercial investment portfolio	Given this is a key part of the IRP, this should be incorporated into the assurances regarding the oversight and governance of the IRP and more generally in assurances on the effectiveness of financial management (new assurance area).	The governance and processes for managing the commercial investments portfolio are covered in the detailed theme in the IRP. This also links more generally to ensuring effective financial management, longer-term financial planning and asset management. A new area of strategic focus is proposed of ensuring effective financial which would cover the management of the investment portfolio.	To be incorporated into the assurance about the governance of the IRP.
5	Financial Resilience and Supporting Communities - Managing increased costs and demands for services	Again, whilst important this should be incorporated into the assurances on the Council’s strategic financial planning and financial management arrangements which is covered in a new area of focus.		Reflected in a new assurance area covering financial management and planning.
6	Financial Resilience and Supporting Communities - Reducing debt	Again, whilst important this is another element of financial management and resilience, and the IRP, and therefore not needed as a specific area of assurance.	CP&R should receive information about this within specific reports and/or within general financial management reports.	N/A
7	Climate Change - Climate Change threat, impact and response	This is an area of strategic (and continuing) focus.	There are key links with this and emergency resilience, which will be a new specific area of strategic assurance. Key areas to provide assurance on could be: · Climate Change Strategy and action plan oversight and reporting · Awareness / communication · Oversight arrangements · Business / service planning · Funding · Data and KPIs · Influencing property development · Greener futures strategy · Wider emergency planning and business continuity arrangements	Ensuring we meet our zero carbon targets and wider environmental responsibilities. Climate change poses a significant risk to society as well as the Council. It is well documented that the likelihood of severe and extreme weather events is increasing. It is therefore the Council’s duty to do what it can to directly and indirectly minimise our environmental impact and ready ourselves in the event of a serious weather event. Assurances are needed therefore that appropriate strategies and policies are in place and effective, they are understood and complied with, and our emergency resilience and business continuity arrangement are in place and tested. Note – there should be a specific assurance theme for emergency resilience.
8	Climate Change - Integration into decision making and targets	Combined with 7 above
9	Corporate Capacity, Resources, Recruitment and Retention - Corporate Capacity	Combine 9 and 10. This is an area of strategic (and continuing) focus.	Key areas to provide assurance on could be: · workforce capacity / analysis / vacancies / use of agency/interims · retention · recruitment – robust but flexible process · general workforce capability · monitoring morale and welfare (exhaustion, fragility and stress) – use of specific and general staff surveys · sickness absence monitoring and management / occupational health referrals · change management arrangements · staff wellbeing support · monitoring key performance indicators And the implications of these on organisational resilience especially during periods of significant pressure, uncertainty and organisational change.	Ensuring and maintaining organisational resilience. The effective and efficient delivery of Council services and responsibilities relies significantly on our workforce at every level. At all times, but especially in periods of significant pressure and uncertainty, it is critical that we have the appropriate policies, procedures, practices and interventions. As well as our duties to deliver critical services, the Council has a duty of care to our workforce. The Council has seen major problems regarding the retention and recruitment of staff and a rise in wellbeing issues leading to increased absence. Whilst this is a problem that many Councils face, we have a series of significant challenges that requires a supported and resilient workforce.
10	Corporate Capacity, Resources, Recruitment and Retention - Recruitment and Retention
11	Equality, Diversity and Inclusivity - Coordinated approach to legislative requirements	This is an area of strategic (and continuing) focus.	Key areas to provide assurance on could be: · Training and awareness – officers and members · EDI impact assessments · EDI champions / EDI network · Oversight of the E&D Policy / ED&I Strategy (shortly to be approved) · Procurement strategy / standard contract terms · Equal pay / gender pay gap statistics and performance	Ensuring we meet our EDI duties and responsibilities. We have a duty to adhere to the Equality Act (2010). It is a priority for the Council to ensure we have workplace practices and deliver services that meet the required and expected standards to promote equal opportunities, diversity and inclusivity. We will seek to ensure we uphold and demonstrate our commitment to equality, diversity and inclusivity. We therefore need to ensure we allocate the necessary resources and harness the required skills and expertise to develop, promote and support implementation of our Equality and Diversity Policy.
12	Local Government Reorganisation - Strategic decisions	This is an area of strategic (and continuing) focus. This is in effect a major project / change programme and as such assurances are needed regarding its governance – how specific activities are identified, planned, undertaken alongside normal Council activity, and their delivery reported to members. Although this is a major project and change, the Council’s project and change management arrangements should be followed. The CP&R Committee has the remit to examine the key issues and implications of LGR.	Key areas to provide assurance on could be: · Project and programme management · Change management · HR governance – for wellbeing issues, workload management, supervision, management and leadership · Communications	Ensure our programme and change management arrangements are effective to support the successful transition to the new unitary council. The recent announcement of the intended structure of local government in Surrey presents probably the biggest project the Council has faced. Whilst there are many facets to the transition into the new authority, it is in effect a project and change management programme which will rely on a robust but flexible approach to ensure success. It is therefore critical that the Council has the ability to manage such a major project whilst maintaining essential services and supporting our workforce.
13	Local Government Reorganisation - Managing Change
14	Response to External Audit/Best Value Inspection Recommendations - Value for Money/Audit Findings	Not a risk as such and is just part of good management that MAT needs to have assurance on. This should be picked up through a KPI (quarterly) that goes to CP&R for specific challenge and included in the process to produce the Annual Governance Statement. It is a valid report for the Audit Committee though and presented (owned) by a member of MAT.	Although not a specific inclusion in the new governance approach, this is something that should still go to Audit Committee. For the Audit Committee this is more about seeing progress rather than the specifics and therefore being assured of the process for monitoring and management the implementation of recommendations.	Removed from CRR
15	Procurement and Contract Management	This is an area of strategic (and continuing) focus. Assurance focus is having the necessary policies, strategies and procedures in place, and evidence that they are complied with, to ensure the Council procures with due regard to demonstrating best value and value for money and that its contracts are managed such that the services or goods under contract are delivered on time and to the specified standard.	Key areas to provide assurance on could be: · Relevant policies and strategies · Guidance, training and support · Contract Procedure Rules / Contract Standing Orders in place that are up to date · Appropriate KPIs / statistics · Contracts register · Effectiveness / outcomes / influence of the Procurement Board · Securing social value	Ensuring effective procurement and contract management arrangements. The Council procures goods and services and enters into contracts to deliver its services. It is therefore essential that we can demonstrate the achievement of value for money from those purchases and contracts to support our effective use of resources and good financial management and planning.
NEW	IRP [this is of such corporate significance that the Audit Committee should have assurances around the governance of how it will be delivered.]	Assurance focus should be through the governance arrangements in place for the delivery of the IRP and that CP&R will be overseeing the detailed delivery of the IRP.	Again, like LGR, this is a project and so the focus of assurances at a ‘strategic’ level should be around programme and change management. Significant assurance should be gained / provided from the framework that has been used to develop the IRP and then manage it. The delivery focus should be through CP&R and any wider governance issues being brought out / referred to the Audit Committee.	Ensuring there are effective governance arrangements in place to deliver the IRP. The appointment of Commissioners by MHCLG has required the Council to develop an Improvement and Recovery Plan (IRP). This is a significant programme of reviews and improvements to create stability in key operational areas and address underlying financial sustainability issues. The IRP has its own governance framework and is overseen by the CP&R Cttee. It is however a major challenge for the Council and one that requires effective governance to deliver.
NEW	Ensuring the Council’s financial management and long-term planning arrangements are effective to secure financial sustainability.	A key focus (for any Council). Beyond the actual scrutiny of budget management is to have the necessary financial management arrangements in place. Having confidence that the necessary financial management arrangements exist, are in place and being complied with is a major source of assurance for a Council. This assurance area is NOT about the actual figures – whether a budget is over/under-spending (which falls in the remit of CP&R), but it is about financial governance – the framework of policies, procedures and practices that ensure budget holders know what their responsibilities are, and are trained and supported, the financial information provided is timely and accurate (ideally alongside performance information), budget monitoring reports are produced promptly and accurately containing sufficient information to assure abut also to prompt interventions to address any significant variance.	Key areas to provide assurance on could be: · Financial procedures and policies are in place – reserves, borrowing, investments, fees and charges etc. · Up-to-date Financial Regulations · A robust and updated MTFS · Budget setting guidance · Budget monitoring guidance · Capital strategy and programme · Financial reporting – Member scrutiny · Budget holder training / financial competency framework · Capacity and expertise of the Finance Team [It would however be appropriate for the Audit Committee to receive the quarterly budget monitoring report that goes to CP&R by way of seeing the above arrangements in place and working.] It would be important also not to duplicate financial challenge but to see and be assured of the arrangements in place	Ensuring the Council’s financial management and long-term planning arrangements are effective to secure financial sustainability. Maintaining control and accountability of the Council’s finances is one of our fundamental responsibilities, As such we need to have in place an effective and efficient financial management framework that enables us to manage our financial resources to meet our corporate objectives. The Council is under extreme pressure to demonstrate how it can manage its budget and ensure financial sustainability moving forward. Irrespective of the actual financial resources the Council has, we need to have a sound financial management framework in place.
NEW	Emergency resilience and business continuity	This is an area of strategic (and continuing) focus.	Key areas to provide assurance on could be: · Corporate resilience plan in place · Service business continuity plans (up to date) · Specific ER / BC plans in place – flooding, large scale evacuations, national events · Gold, Silver and Bronze command response arrangements · Periodic testing of ER / BC plans undertaken · Lesson learned log in place · Training and awareness – general and role specific · County wide Resilience Forum arrangements	Ensuring the Council has robust mechanisms in place to prepare for, respond to and recover from civil emergencies and business interruptions. This is critical to comply with our statutory duties as a Category One responder under the Civil Contingencies Act 2004. Having the necessary arrangements in place is also essential to ensure the Council can minimise any interruptions to the delivery of its services. There are clearly links to other key areas of assurance like our environmental responsibilities, our wider organisational resilience and dealing with a cyber-attack or general IT outage.
NEW	Cyber resilience	This is an area of strategic (and continuing) focus.	Key areas to provide assurance on could be: · Cyber security strategy · IT policies and procedures (covering patching, penetration testing etc.) · IT security accreditations (PSN, cyber essentials / plus) · Membership of a WARP group and use of NCSC / CAF · High levels of staff awareness (covering remote working, AI, passwords etc.) · Mandatory training for officers and members · KPIs covering attack attempts, data incidents etc. · Use of simulated phishing and password cracking exercises · Incident management procedures	There is a need to recognise the increasing and constant threat of a cyber-attack against the Council which could have catastrophic consequences for the loss of systems as well as reputational damage and potential financial loss. Unfortunately, local councils and the wider public sector face an increased likelihood of suffering a successful cyber-attack. We therefore need to have in place all reasonable and practical measures to prevent an attack and minimise its impact should it be successful and be able to respond and recover as quickly as possible.
NEW	Countering the threat of fraud	This is an area of strategic (and continuing) focus.	Key areas to provide assurance on could be: · Anti-fraud strategy · Full suite of anti-fraud policies, procedures and guidance · Regular fraud vulnerability assessments across the Council · Effective arrangements for confidential reporting (whistleblowing) · General and role specific training and awareness for officers and members · Participation in national fraud awareness week / other initiatives and events	There is a need to recognise the increasing threat of fraud being committed against the Council. The Council, and wider public sector, has limited resources and must protect them against loss or misuse through fraud, theft, bribery or corruption. The threats of fraud may come from a cyber-attack, insider fraud, organised crime or opportunism. It is therefore essential that the Council has a robust framework of policies, procedure and practices that minimise the chance of fraud being committed and in fraud incidents we are able to spot them, identify the cause, identify the perpetrators, hold them to account and importantly improve our controls if they are found to have been compromised.

Current CRR Risk

Analysis / Comment

What aspects of governance are needed to address this?

New suggested ‘headline’ assurance wording / Assurance description

Housing - Addressing affordable housing supply and demand to meet local need

This is an area of strategic (and continuing) focus.

Statistics should be presented and examined at the relevant Committee.

This will also be overseen and managed through the Regeneration and Housing Theme in the IRP.

Key governance assurance themes:

· Understanding housing demand

· Engagement with Registered Providers

· Ensuring professional and timely advice (capacity/resilience)

· Ensuring guiding policies and procedures remain effective

· Relevant Committee scrutiny is effective

· Housing need assessment processes are in place and effective

· Homelessness service is effective

Ensuring we address affordable housing supply and demand to meet local need.

It is a key strategic priority for the Council to facilitate and enable the provision of affordable housing in a period of increasing need and demand and with a reduction in suitable accommodation. This is of course a national issue.

We have in place a range of policies, procedures and initiatives that aim to support this priority. The X Committee will receive regular reports on progress. The Audit Committee will receive reports providing assurance regarding the governance in place.

Housing - Local Plan

The progress of this should be overseen at the appropriate Committee.

Managed at the relevant Committee.

N/A

Economy - National and regional threats to local economic prosperity

This is an area of strategic (and continuing) focus.

Focus is on how the Council is working with businesses, Staines BID, Spelthorne Business Forum, etc., to provide business support, business rate relief etc.

Key governance assurance themes:

· Having the appropriate information regarding:

· Measuring footfall

· Number of new businesses

· Monitoring employment and unemployment figures

To facilitate interventions and support.

Ensuring an inclusive and prosperous economy.

Having an inclusive and prosperous local economy is critical for a thriving community. The Council aims to work closely with businesses to ensure their sustainability and to support those looking for work to improve their skills and find employment.

The Council therefore needs to ensure it has the appropriate arrangements in place to ensure how it works with partners is effective to maximise the value of the area’s economy.

The BIG Committee will monitor the specifics of the how the various initiatives are working.

Financial Resilience and Commercial Assets - Commercial investment portfolio

Given this is a key part of the IRP, this should be incorporated into the assurances regarding the oversight and governance of the IRP and more generally in assurances on the effectiveness of financial management (new assurance area).

The governance and processes for managing the commercial investments portfolio are covered in the detailed theme in the IRP.

This also links more generally to ensuring effective financial management, longer-term financial planning and asset management.

A new area of strategic focus is proposed of ensuring effective financial which would cover the management of the investment portfolio.

To be incorporated into the assurance about the governance of the IRP.

Financial Resilience and Supporting Communities - Managing increased costs and demands for services

Again, whilst important this should be incorporated into the assurances on the Council’s strategic financial planning and financial management arrangements which is covered in a new area of focus.

Reflected in a new assurance area covering financial management and planning.

Financial Resilience and Supporting Communities - Reducing debt

Again, whilst important this is another element of financial management and resilience, and the IRP, and therefore not needed as a specific area of assurance.

CP&R should receive information about this within specific reports and/or within general financial management reports.

N/A

Climate Change - Climate Change threat, impact and response

This is an area of strategic (and continuing) focus.

There are key links with this and emergency resilience, which will be a new specific area of strategic assurance.

Key areas to provide assurance on could be:

· Climate Change Strategy and action plan oversight and reporting

· Awareness / communication

· Oversight arrangements

· Business / service planning

· Funding

· Data and KPIs

· Influencing property development

· Greener futures strategy

· Wider emergency planning and business continuity arrangements

Ensuring we meet our zero carbon targets and wider environmental responsibilities.

Climate change poses a significant risk to society as well as the Council. It is well documented that the likelihood of severe and extreme weather events is increasing. It is therefore the Council’s duty to do what it can to directly and indirectly minimise our environmental impact and ready ourselves in the event of a serious weather event. Assurances are needed therefore that appropriate strategies and policies are in place and effective, they are understood and complied with, and our emergency resilience and business continuity arrangement are in place and tested.

Note – there should be a specific assurance theme for emergency resilience.

Climate Change - Integration into decision making and targets

Combined with 7 above

Corporate Capacity, Resources, Recruitment and Retention - Corporate Capacity

Combine 9 and 10.

This is an area of strategic (and continuing) focus.

Key areas to provide assurance on could be:

· workforce capacity / analysis / vacancies / use of agency/interims

· retention

· recruitment – robust but flexible process

· general workforce capability

· monitoring morale and welfare (exhaustion, fragility and stress) – use of specific and general staff surveys

· sickness absence monitoring and management / occupational health referrals

· change management arrangements

· staff wellbeing support

· monitoring key performance indicators

And the implications of these on organisational resilience especially during periods of significant pressure, uncertainty and organisational change.

Ensuring and maintaining organisational resilience.

The effective and efficient delivery of Council services and responsibilities relies significantly on our workforce at every level. At all times, but especially in periods of significant pressure and uncertainty, it is critical that we have the appropriate policies, procedures, practices and interventions. As well as our duties to deliver critical services, the Council has a duty of care to our workforce.

The Council has seen major problems regarding the retention and recruitment of staff and a rise in wellbeing issues leading to increased absence.

Whilst this is a problem that many Councils face, we have a series of significant challenges that requires a supported and resilient workforce.

Corporate Capacity, Resources, Recruitment and Retention - Recruitment and Retention

Equality, Diversity and Inclusivity - Coordinated approach to legislative requirements

This is an area of strategic (and continuing) focus.

Key areas to provide assurance on could be:

· Training and awareness – officers and members

· EDI impact assessments

· EDI champions / EDI network

· Oversight of the E&D Policy / ED&I Strategy (shortly to be approved)

· Procurement strategy / standard contract terms

· Equal pay / gender pay gap statistics and performance

Ensuring we meet our EDI duties and responsibilities.

We have a duty to adhere to the Equality Act (2010). It is a priority for the Council to ensure we have workplace practices and deliver services that meet the required and expected standards to promote equal opportunities, diversity and inclusivity.

We will seek to ensure we uphold and demonstrate our commitment to equality, diversity and inclusivity.

We therefore need to ensure we allocate the necessary resources and harness the required skills and expertise to develop, promote and support implementation of our Equality and Diversity Policy.

Local Government Reorganisation - Strategic decisions

This is an area of strategic (and continuing) focus.

This is in effect a major project / change programme and as such assurances are needed regarding its governance – how specific activities are identified, planned, undertaken alongside normal Council activity, and their delivery reported to members.

Although this is a major project and change, the Council’s project and change management arrangements should be followed.

The CP&R Committee has the remit to examine the key issues and implications of LGR.

Key areas to provide assurance on could be:

· Project and programme management

· Change management

· HR governance – for wellbeing issues, workload management, supervision, management and leadership

· Communications

Ensure our programme and change management arrangements are effective to support the successful transition to the new unitary council.

The recent announcement of the intended structure of local government in Surrey presents probably the biggest project the Council has faced. Whilst there are many facets to the transition into the new authority, it is in effect a project and change management programme which will rely on a robust but flexible approach to ensure success.

It is therefore critical that the Council has the ability to manage such a major project whilst maintaining essential services and supporting our workforce.

Local Government Reorganisation - Managing Change

Response to External Audit/Best Value Inspection Recommendations - Value for Money/Audit Findings

Not a risk as such and is just part of good management that MAT needs to have assurance on.

This should be picked up through a KPI (quarterly) that goes to CP&R for specific challenge and included in the process to produce the Annual Governance Statement.

It is a valid report for the Audit Committee though and presented (owned) by a member of MAT.

Although not a specific inclusion in the new governance approach, this is something that should still go to Audit Committee.

For the Audit Committee this is more about seeing progress rather than the specifics and therefore being assured of the process for monitoring and management the implementation of recommendations.

Removed from CRR

Procurement and Contract Management

This is an area of strategic (and continuing) focus.

Assurance focus is having the necessary policies, strategies and procedures in place, and evidence that they are complied with, to ensure the Council procures with due regard to demonstrating best value and value for money and that its contracts are managed such that the services or goods under contract are delivered on time and to the specified standard.

Key areas to provide assurance on could be:

· Relevant policies and strategies

· Guidance, training and support

· Contract Procedure Rules / Contract Standing Orders in place that are up to date

· Appropriate KPIs / statistics

· Contracts register

· Effectiveness / outcomes / influence of the Procurement Board

· Securing social value

Ensuring effective procurement and contract management arrangements.

The Council procures goods and services and enters into contracts to deliver its services. It is therefore essential that we can demonstrate the achievement of value for money from those purchases and contracts to support our effective use of resources and good financial management and planning.

NEW

IRP

[this is of such corporate significance that the Audit Committee should have assurances around the governance of how it will be delivered.]

Assurance focus should be through the governance arrangements in place for the delivery of the IRP and that CP&R will be overseeing the detailed delivery of the IRP.

Again, like LGR, this is a project and so the focus of assurances at a ‘strategic’ level should be around programme and change management.

Significant assurance should be gained / provided from the framework that has been used to develop the IRP and then manage it.

The delivery focus should be through CP&R and any wider governance issues being brought out / referred to the Audit Committee.

Ensuring there are effective governance arrangements in place to deliver the IRP.

The appointment of Commissioners by MHCLG has required the Council to develop an Improvement and Recovery Plan (IRP). This is a significant programme of reviews and improvements to create stability in key operational areas and address underlying financial sustainability issues.

The IRP has its own governance framework and is overseen by the CP&R Cttee.

It is however a major challenge for the Council and one that requires effective governance to deliver.

NEW

Ensuring the Council’s financial management and long-term planning arrangements are effective to secure financial sustainability.

A key focus (for any Council).

Beyond the actual scrutiny of budget management is to have the necessary financial management arrangements in place.

Having confidence that the necessary financial management arrangements exist, are in place and being complied with is a major source of assurance for a Council.

This assurance area is NOT about the actual figures – whether a budget is over/under-spending (which falls in the remit of CP&R), but it is about financial governance – the framework of policies, procedures and practices that ensure budget holders know what their responsibilities are, and are trained and supported, the financial information provided is timely and accurate (ideally alongside performance information), budget monitoring reports are produced promptly and accurately containing sufficient information to assure abut also to prompt interventions to address any significant variance.

Key areas to provide assurance on could be:

· Financial procedures and policies are in place – reserves, borrowing, investments, fees and charges etc.

· Up-to-date Financial Regulations

· A robust and updated MTFS

· Budget setting guidance

· Budget monitoring guidance

· Capital strategy and programme

· Financial reporting – Member scrutiny

· Budget holder training / financial competency framework

· Capacity and expertise of the Finance Team

[It would however be appropriate for the Audit Committee to receive the quarterly budget monitoring report that goes to CP&R by way of seeing the above arrangements in place and working.]

It would be important also not to duplicate financial challenge but to see and be assured of the arrangements in place

Ensuring the Council’s financial management and long-term planning arrangements are effective to secure financial sustainability.

Maintaining control and accountability of the Council’s finances is one of our fundamental responsibilities, As such we need to have in place an effective and efficient financial management framework that enables us to manage our financial resources to meet our corporate objectives.

The Council is under extreme pressure to demonstrate how it can manage its budget and ensure financial sustainability moving forward. Irrespective of the actual financial resources the Council has, we need to have a sound financial management framework in place.

NEW

Emergency resilience and business continuity

This is an area of strategic (and continuing) focus.

Key areas to provide assurance on could be:

· Corporate resilience plan in place

· Service business continuity plans (up to date)

· Specific ER / BC plans in place – flooding, large scale evacuations, national events

· Gold, Silver and Bronze command response arrangements

· Periodic testing of ER / BC plans undertaken

· Lesson learned log in place

· Training and awareness – general and role specific

· County wide Resilience Forum arrangements

Ensuring the Council has robust mechanisms in place to prepare for, respond to and recover from civil emergencies and business interruptions.

This is critical to comply with our statutory duties as a Category One responder under the Civil Contingencies Act 2004.

Having the necessary arrangements in place is also essential to ensure the Council can minimise any interruptions to the delivery of its services. There are clearly links to other key areas of assurance like our environmental responsibilities, our wider organisational resilience and dealing with a cyber-attack or general IT outage.

NEW

Cyber resilience

This is an area of strategic (and continuing) focus.

Key areas to provide assurance on could be:

· Cyber security strategy

· IT policies and procedures (covering patching, penetration testing etc.)

· IT security accreditations (PSN, cyber essentials / plus)

· Membership of a WARP group and use of NCSC / CAF

· High levels of staff awareness (covering remote working, AI, passwords etc.)

· Mandatory training for officers and members

· KPIs covering attack attempts, data incidents etc.

· Use of simulated phishing and password cracking exercises

· Incident management procedures

There is a need to recognise the increasing and constant threat of a cyber-attack against the Council which could have catastrophic consequences for the loss of systems as well as reputational damage and potential financial loss.

Unfortunately, local councils and the wider public sector face an increased likelihood of suffering a successful cyber-attack. We therefore need to have in place all reasonable and practical measures to prevent an attack and minimise its impact should it be successful and be able to respond and recover as quickly as possible.

NEW

Countering the threat of fraud

This is an area of strategic (and continuing) focus.

Key areas to provide assurance on could be:

· Anti-fraud strategy

· Full suite of anti-fraud policies, procedures and guidance

· Regular fraud vulnerability assessments across the Council

· Effective arrangements for confidential reporting (whistleblowing)

· General and role specific training and awareness for officers and members

· Participation in national fraud awareness week / other initiatives and events

There is a need to recognise the increasing threat of fraud being committed against the Council.

The Council, and wider public sector, has limited resources and must protect them against loss or misuse through fraud, theft, bribery or corruption.

The threats of fraud may come from a cyber-attack, insider fraud, organised crime or opportunism. It is therefore essential that the Council has a robust framework of policies, procedure and practices that minimise the chance of fraud being committed and in fraud incidents we are able to spot them, identify the cause, identify the perpetrators, hold them to account and importantly improve our controls if they are found to have been compromised.