Agenda item

The report highlighted actions taken in respect of corporate risk since the last Audit Committee meeting.

The latest review of the corporate risk register had identified one new risk which warranted consideration for inclusion on the corporate risk register:-

The Cyber Security

The Cyber Security threat landscape had changed significantly which had been witnessed globally, regionally and across multiple emergency services and local authorities.

Best practice standards set by the National Cyber security Centre (NCSC) had adapted according to the change in the threat landscape, which meant it was far more challenging to remain compliant.

Government organisations were routinely and relentlessly targeted: of the 777 incidents managed by the National Cyber Security Centre between September 2020 and August 2021, around 40% were aimed at the public sector. This upward trend showed no signs of abating.

The Service had achieved the Cyber Essentials Plus certification, which had to be refreshed every 12 months. The next re certification involved the prompt replacement of aging hardware/software as well as bringing in scope remote working, Wi-Fi security as well as several other areas which had previously been out of scope. The e-mail systems had been fully refreshed and the Service would be migrating all mailboxes to 365 for even better security and feature enhancements. 

A Cyber Security Strategy and subsequent options paper had been agreed, identifying areas requiring investment, such as next generation Firewalls. The Service had been aligning with the National Cyber Security Centre best practice security framework and would continue to do so as it developed. It was classed as high-risk due to the scale of attack and the potential impact of such attacks.

An updated corporate risk register was considered by Members with changes summarised in the report. The Director of Corporate Services highlighted the following key areas:-

Risk no. 3 – Insufficient staffing resources

The position regarding the national pay award would continue to be monitored. IMT meetings would continue to be held to review the situation and on-going plans to minimise the risk. The number and location of potential appliances would be identified, and the internal and external communication plans would be developed.

Risk no. 26 – Increase in costs and administration associated with changes to pensions

The Service continued to see extended lead times on the majority of items, as an example LGV fleet vehicle lead times for chassis deliveries was 12-18 months. Costs continued to increase reflecting inflation, with many items increasing at a much higher rate (energy being the most significant of these), where costs had more than doubled.

Risk no. 36 – Increase in pay costs

Pay awards were separately set nationally for green and grey book staff and a 2% award has been estimated in the budget. A pay offer of 5% had been made by the employers in respect of grey book pay. The FBU had recommended that their members reject the offer, and, at the time of writing, the Service was awaiting the outcome of that. A pay offer of £1925 per FTE had been made by the employer in respect of green book pay. Unison had accepted the offer, however at the time of writing, Unite and GMB were awaiting the outcome of their consultations. Both of those offers significantly exceeded the budget provision and would therefore lead to significant cost pressures in the current and future years budget.

RESOLVED:- That the Audit Committee noted the actions taken and endorsed the revised corporate risk register.