Cabinet_Report

South and Vale Corporate Risks

We reviewed the top 10 corporate risks for South and Vale and considered the need for internal audit work in 2024/25 as noted below:

No.	Risk Ref South/Vale	Description	Risk Score Gross/Net	Internal audit work in 2024/25
1	Exempt by virtue of paragraph 3 of Pat 1 of Schedule 12A of the Local Government Act 1972
2	86/88 NEW	Failure to implement Idox for South and Vale with no alternative option/plan B	8/8	This forms part of our Idox Implementation advisory work.
3	87/89 NEW	Current proposed Idox functionality falls short of that originally contracted to the council to deliver. (Risk 80/82 Failure to plan for smooth transition of Ocella replacement to Idox)	8/8	This forms part of our Idox Implementation advisory work.
4	81/83	Third party supplier suffers a cyber attack or data breach	8/8	Information Security audited in 2022/23, with management actions followed up quarterly.
5	58/62	IT and data security compromised due to remote working and naive user behaviour, which may result in data breach and fines/loss of reputation.	8/6
6	9/9	Failing to have an effective health and safety management system in place and lack of resource to support, may result in a fatality, illness or injury to staff or anyone else affected by our business; damage to property; legal action by HSE; civil claims and increased costs.	8/6	Health & Safety audited in 2022/23, with management actions formally reported every quarter, in addition to monthly reviews between Internal Audit and Health & Safety.
7	72/74	The transformation programme key four outcomes: •Accessible customer services •Digital data and technology user centred and secure •People skilled supported and resilient •Future proof the council through continual improvement are not realised.	8/6	This forms part of our Transformation Programme Board advisory work.
8	91/93 NEW	A number of key third party contracts are up for review/renewal within a similar time period, a failure to plan and resource each project may result in the council failing in its statutory duties provide poor service to residents, loss of reputation and increased costs.	8/6
9	71/73	Failure to deliver a full range of leisure centre activities with GLL through high fuel costs and economic downturn	8/5	GLL contract will be reviewing in the contract management audit, where we will provide assurance over the contract management controls within service teams
10	76/78	Failure to plan for 5CP exit and ensure seamless transition, will impact IT and services revs and bens/land charges loss of reputation etc.	8/5	This forms part of our 5CP Exit - IT Programme audit work.