Tuesday 9th January, 2024
There’s some pretty major RED FLAGS in the Colchester City Council latest Risk Management Progress Report. Key Council services are rated as being ‘very high’ when it comes to the level of risk.
These include organisational resilience (how CCC reacts when the shit hits the Town Hall fan), Budget Strategy (not exactly staying out of the black and in the red) and Cyber Security.
Jan in Accounts has forgotten her password again.
Shit the bed.
These details will be discussed when the Governance and Audit Committee next meets at the Town Hall on 16th January.
The background behind the report is CCC marking its own homework. No one likes it when there’s a f-up at work. At least CCC is attempting to plan for the nightmare scenarios.
When it comes to Organisational Resilience, the report admits:
“The Council does not have the resources, or resilience, to be able to make the changes required to deliver the strategic plan outcomes.”
VERY HIGH is then highlighted in red to describe the serious threat level that this poses for the Council.
The Budget Strategy has the same red mark treatment:
“The budget strategy does not accurately reflect the unprecedented level of savings required.”
The LibDem Council will be meeting next month to put its Budget plans to Full Council for approval.
The report adds that there is:
“An inability to deliver the budget strategy as planned, unplanned additional use of balances / reserves and insufficient cashflow to meet liabilities.”
CCC is broke.
Aren’t we all.
It doesn’t make any better reading when it comes to Cyber and Data Security:
“Sensitive data, in any format, is not correctly managed, processed or protected from loss or theft (including as a result of a cyber attack) in line with GDPR and Data Protection Act requirements, including council data managed and handled by third parties. The ever increasing sophistication of phishing attacks increases the likelihood of officers and members inadvertently opening malware emails.”
CLICK HERE, etc.
The implications for such an attack are classed as VERY HIGH:
“Severe disruption to core services, financial, legal and reputational impacts for the Council, including ICO fines. Significant harm caused to residents with release of their personal details. Potential ransomware events.”
Corporate Assets is another area of concern. This refers to how the Council manages it residential and business stock throughout the borough:
“There is a failure to develop a comprehensive management plan and delivery model for the Council’s corporate assets, encompassing compliance, utilisation and future development.”
It gets grimmer:
“Assets are not maximised to their full potential. Statutory building procedures are breached resulting in fines and liability claims. The repairs and maintenance programme for the assets is insufficient to respond to issues, especially in connection with heritage sites. There is a deterioration of condition of assets leading to integral failure.”
If Members of the Committee are looking for better news down the agenda document, then they would do best to swerve the Interim Review of the Annual Governance Statement 22/23 Action Plan.
This report confirms:
“Due to pressures within the team the self assessment has not yet been completed and will be reviewed as soon as possible, in the first half of 24/25.”
Try telling that to the Tax Man about your own accounts come the start of April.
The report adds:
“The failure of the External Audit contractor to deliver a timely service in assessing the Council’s accounts could potentially mean that a financial governance issue is not resolved, and ultimately may impact on external assessment and partner challenge.”
Ouch.
The Chronic has a Patreon page over here if you want to support my work.