Issue - meetings

To receive a report by the Internal Audit Manager.

The Internal Audit Manager summarised the risks affecting the Council as outlined in the report, and highlighted:-

·         Project Management

·         Information Governance (Organisational Measures)

·         Resilience, Resources and Capacity

·         Acquisitions and Investments (Rental income)

However, the lack of a robust GDPR project plan offers further scope for improvement, particularly in the IAR (Information Asset Register) area.

It was pointed out by officers that there is a detailed action plan for all service areas to follow through to completion the lower priority aspects of the GDPR requirements which have not been fully implemented yet. Progress of these plans will be monitored on a regular basis by Management Team.

The Committee discussed a number of risks associated with segregation of duties, which is seen to be a long standing issue, given the scale of the Council and some of the service teams.

This was raised particularly with respect to systems administration duties..

The Internal Audit Manager said that some issues are being managed more locally and that she would recommend that Managers regularly review the Audit Logs as a set of controls which help mitigate segregation of duties risks.

During the discussion on the Risk Register, Members asked questions on the following, to which the Internal Audit Manager responded:-

·         Recruitment and retention

·         Acquisition projects

·         Risk Plan

The Corporate Risk Register was considered to be an accurate reflection of the high level risks affecting the Authority and progress on actions was documented on the Register.

Resolved that:

1.    The contents of the Corporate Risk Register be noted and accepted;

2.   That the Corporate Risk Register be recommended to Cabinet for approval.