Agenda item

Report of the Head of Internal Audit.

Members received a report of the Head of Internal Audit relative to a deep dive on CR29 Information Management.

The Deputy Chair (External) said she was concerned by the review’s findings on split ownership of the risk, and the lack of mitigating actions, and asked what could be done to resolve this. In reply, the Head of Internal Audit said that they would use the risk management framework to escalate the concerns. The exposure on the risk was currently increasing because resource was not being given to actively mitigate the risk. The Chief Operating Officer (COO) said that the risk was currently jointly owned by her and the City Solicitor. She added that she felt the right place for ownership would be with the Head of IT, with the COO remaining as the responsible chief officer. The Head of IT role had not been filled permanently for several months, but a new officer would be starting shortly.

The Chairman asked who the equivalent risk holder would be in across comparable local authorities. The COO replied that it would commonly be held by IT departments, but this was not necessarily universal.

A Member suggested that the Committee should consider undertaking a risk appetite exercise, as it had been several years since this was last done.

The Chief Operating Officer said that the primary manifestation of the risk was lack of efficiency. There had also been a lack of sufficient training for staff on the tools which would help to improve things.

RESOLVED, that – the report be received, its contents noted and the feedback of the Committee be noted by officers.