Agenda item

The Director of Corporate Services submits a report to the Governance and Audit Committee which presents the Risk Management and Business Continuity Policy Statement and Strategies which provide an effective framework for Leicester City Council to management and respond to key risks facing its services and support the delivery of its Business Plan.

The Committee is recommended to note the report.

The Director of Corporate Services submits a report to the Governance and Audit Committee which presents the Risk Management and Business Continuity Policy Statement and Strategies which provide an effective framework for Leicester City Council to management and respond to key risks facing its services and support the delivery of its Business Plan.

Risk Management Manager, Sonal Devani, presented the report.

Members discussed the report and the following points were raised:

·       Members highlighted their appreciation for the structure and clarity of the report. However Members also expressed frustration with the font size used in the report and found it illegible at times.

·       Members enquired about the effectiveness of the business recovery system regarding the recent cyber security incident at the Council. The Director of Corporate Services, Andrew Shilliam, noted that the incident was ongoing, however the recovery process was consistent with the strategies outlined in the report. It was further noted that evaluation of the effectiveness of the strategy would be reviewed following the resolution of the incident and that a report would be brought back to the Committee in a future meeting.

·       Members expressed strong concern regarding the ongoing cyber security incident and need for clarity and transparency regarding the current state of affairs. A Member raised further concern with how the incident was being dealt with and the importance of democratically elected Councillors being provided with up-to-date information on large scale events. The Director of Corporate Services and Director of Finance noted that the incident was subject to an ongoing police investigation and that an all-Member Briefing had been delivered the previous day, 12^th March.

·       The Independent Member of the Committee questioned the Governance and Audit Committee’s position in the pyramid structure presented on page 22 of the report and welcomed regular training on Risk Management for Members of the Committee. Further concern was raised regarding their inability to attend a briefing regarding the latest cyber security incident and the expectations on the independent Member in supporting the Committee and fellow Members on the Committee. ACTION: The Director of Finance would take the concerns back to the Monitoring Officer.

·       Officers highlighted the role of the Committee in reviewing Council Strategies as opposed to scrutiny of live incidents, and referenced the Committee’s Terms of Reference. Officers further noted that a report on the cyber-security incident would be brought back to a future meeting following the conclusion of the incident, where Members could analyse the incident and compare effectiveness with the Council’s Framework and Strategies.

Councillor Kitterick proposed a motion and moved that: “the importance of transparency during major events as a democratically elected organisation and the requirement for up-to-date knowledge and awareness for Members of the Governance and Audit Committee was a must during high-risk incidents”. There were no Seconders and the Motion failed.

The Chair clarified to Members the importance of staying respectful when addressing officers or Members.

It was noted that Councillor Kitterick left the meeting.

AGREED:

1.    That the report be noted.

2.    That the Director of Finance refer back to the Monitoring Officer regarding the extent of the role of the Independent Member for the Governance and Audit Committee.