Strategic Risk Register – Monitoring 2020/21 Quarter 3 and Proposed Content for 2021/22

Meeting: 16/03/2021 - Audit and Governance Committee (Item 425)

425 Strategic Risk Register – Monitoring 2020/21 Quarter 3 and Proposed Content for 2021/22

Minutes:

The Insurance and Risk Business Advisor introduced the report and highlighted the main points to Members.

Councillor Stowe thanked Officers for their work on the new format, which he said was clearer and included more useful information.

The Head of Strategic Finance and Property agreed, at the request of the Chairman, that each vulnerability could be added to the matrix in text, rather than numerically, to make it more immediately comprehensible.

The Chairman asked whether the potential impact of cyber-attacks had been underestimated. He also asked whether the risk of the Council being held to ransom over a cyber-attack had been appropriately considered.

The Insurance and Risk Business Advisor said that the Deputy Chief Executive had previously answered to the Committee on the scoring relating to cyber-attacks, but these concerns could be fed back to Leadership Team. Further work was being done on mitigating the risks of ransomware attacks and the Council was in discussions about ascertaining insurance cover for this scenario.

The Head of Strategic Finance and Property assured Members there were stringent manual controls on payments to prevent scams succeeding by impersonation or otherwise.

The Chairman and Councillor Ward-Booth said that an important mitigation of risk in terms of data protection was the hiring of a Data Protection Manager.

The Head of Legal and Democratic Services and the Scrutiny Officer said that the Data Protection Manager would report regularly to the Committee on these matters, starting at the May meeting of the Committee.

RESOLVED – that the report be received.