Report of the Executive Director for Strategy & Governance.

Due the fact that no press or public were in attendance the Chairman proposed that agenda item 19 be discussed in open session.

Corey Gooch, the Business Intelligence Officer for the Corporate Improvement & Performance Team, was in attendance to observe the meeting.

The Corporate Improvement & Performance Manager presented the report.

A number of risks had been affected and amended since the previous quarter and a number of new risks had been added.  The under occupancy of the Riverside units had been moved to a ‘high’ category; however, a significant level of marketing activity was being carried out and a marketing and letting company had been hired to promote these units – alternative uses were being considered.

In response to a concern in relation to the amount of revenue the Council was losing whilst these units remained empty, Members were assured that the loss for this year could be significant but would be for 2019/20 if the remaining units were not filled.

The Chairman said he would be interested to know about the process of how the Council’s assets were managed/promoted when units became empty.  The Head of Internal Audit advised that this formed part of the audit process within the Internal Audit Plan.  The next review was due in 2019/20 but could be brought forward to this year if preferred.  Another option available to Members was to call in the Strategic Property Manager to present a one-off update to next meeting on the performance of the Council’s asset portfolio.  In response to a further concern about how well the Council’s assets were performing, the Chief Accountant advised that following an exercise carried out in 2017, there were a number of poorer performing assets that the Council was going to disinvest from and then re-invest in better performing assets.  Councillor Monument was of the opinion that looking at all of the Council’s assets could detract the attention from the empty units in Riverside and would rather see two entries on the register, one for Riverside and one for others.  Members were reminded that the occupancy rate was actually a performance measure that was already reported to the Overview & Scrutiny Commission (O&SC); and in terms of day to day risks, these were monitored at an operational risk level and not at a strategic level.  Mr Plaskett, the Independent Member, felt that a report showing all unoccupied buildings losing revenue should be presented to the next meeting.  The Head of Internal Audit pointed out that this would be delving into the remit of O&SC.  Councillor Hewett drew attention to the fact that this was an emerging risk for the Council’s ability to deliver the Medium Term Financial Plan and was also a significant reputational risk for Thetford.

It was agreed that a report on the processes of this matter would be added to the Work Programme for the next Governance & Audit Committee meeting in June 2018.

It was further agreed that a new risk would be added to the Risk Register in relation to income from commercial activities and the risk for Riverside would remain.

In terms of another risk mentioned in the report in relation to staff recruitment, Mr Plaskett asked how many key posts needed to be filled.  Members were informed that the two Executive Manager posts were currently filled by interims.

It was agreed that a date would be added to mitigate this risk.

Councillor Hewett drew attention to the General Data Protection Regulation (GDPR) Implementation risk in terms of controls and mitigation and felt that more regular meetings should be held as this could have a huge impact on the Council.  The Head of Internal Audit advised that all Norfolk authorities were working together on GDPR.

On the gender pay gap risk, it was noted that a report had already been included on the Council agenda for the forthcoming meeting.

Following a concern, it was agreed that the ‘likelihood’ score in relation to failure to deliver the Local Plan should be put back to a ‘2’.

Under the IT risk, Members were assured that a cyber security audit had been put in place and was now underway.

The report was otherwise noted.