Agenda item

Presentation by Service Director Customer and Communities on the strategic and operational risks facing the Service and the internal controls and governance in place to manage / mitigate those risks to demonstrate how risk management is embedded within services.(Verbal presentation.)

The Chairman welcomed Ms Jenni Craig, Service Director Customer and Communities, to the meeting.  Ms Craig was in attendance to give a presentation on the strategic risks affecting her service and the internal controls and governance in place to manage and mitigate those risks.   Ms Craig began by providing some background and explained that the areas covered by Customer and Communities, namely Customer Advice and Support; Business Change and Programme Management; Business Planning, Performance and Policy Development; and Communities and Partnerships each had Service Risk Registers.  These Registers were reviewed on a quarterly basis and had been developed through the Business Planning Process.  They were owned by the Service Managers, reviewed by the Service Directors and Management Team and were escalated to CMT when necessary.  The key factors and major changes influencing the service included: financial pressures; resources and the changing demand on the skills mix required; changing service delivery models; the increasing demand and requirement for IT; Government policies and legislation; Welfare Reform; and economic and environmental change.  In terms of the key skills now required, work was ongoing with HR to ensure that these skills were in place both to enable staff to meet the increasing demand by the public and to allow the public to access Council services.  Government policies and legislation could have tight implementation timescales with increased staff resources required, eg Universal Credit which had to be implemented by 13 June 2018, and risk could increase as a result.  Current risks in the main were driven by service responsibility and included: failure of IT systems; unprepared for significant legislative change; ineffective change management to modernise the organisation; insufficient skilled resources to meet service demands; focussing on short-term savings which could result in failure to achieve objectives/targets and damage to the Council’s reputation; not meeting customer service expectations; and unable to demonstrate best value due to failure to embed a self-assessment approach across the organisation.  The Corporate Risk relating to a focus on short-term savings currently scored 9 (amber) on the Register and Ms Craig explained what mitigation had been and would be implemented.  Management was working towards aligning Business Plans and Service Plans with available resources in order to reduce the risk.  The Service Risk relating to major legislative and economic/social change which could result in increased demand on services and the ability of the service to provide customers with the help, advice and statutory assistance required currently scored 12 (high amber treat) on the Register.  Again, Ms Craig explained what mitigation had been and would be implemented and this included exploring opportunities for Community Planning Partnership joint working; and having a flexible resource and agile methods such as manual work arounds when there was a need to react to late legislation.  Single points of failure would also be identified and addressed to reduce risk.  Ms Craig advised that within the Digital Customer Access Project, lack of resources within SBC and the potential impact on delivery of the project scored 12 on the Risk Register.  Any resultant delays in delivery and benefits could potentially result in additional costs to the Council.  Members noted the mitigation measures being implemented and the aim to provide a “seamless” experience for customers within a complex landscape.  Ms Craig summarised the Service’s approach to managing risk which included: adhering to a consistent corporate process and framework; effectively managing projects, programmes and change; delivering risk workshops as a key aspect of the Business Planning Process; conducting self-evaluation, inspections and internal/external scrutiny; delivering effective and appropriate training; and regular monitoring of strategic service and operation risks and performance indicators.

4.2       Ms Craig responded to a number of questions raised by Members.  In terms of an internal communications strategy going forward, Ms Craig advised that work was ongoing to develop an internal communications plan for staff and arrangements were being considered for a programme of Roadshows across the Council area.  Appropriate consultation was also taking place.  The plan would be circulated to Members in due course.  With regard to security of the IT network and pressure during severe winter conditions, the Chief Financial Officer explained how the huge increase in staff trying to access the Council network remotely caused severe pressure on the IT firewall.  A decision was made to close off system access to staff to preserve access for those delivering emergency/essential services.  Measures would be in place to avoid this situation in the future.  In terms of Corporate Management involvement, Members were advised that Welfare Reform and Universal Credit were live issues and were being addressed by both the Service and Corporately.  Further to the development of an Action Plan and staff training, additional work was being taken forward to consider what changes would now be required following the implementation of the new GDPR regulations.  Ms Stacey confirmed that Information Governance, which included GDPR, and Workforce Planning were included on the Internal Audit Work Schedule for 2018/19.  The Chairman thanked Ms Craig for her interesting and comprehensive presentation.

DECISION

            NOTED the presentation.