Challenge

A1

Information Governance and security

To ensure the council continues to comply with its data protection, information governance and information security legislative, regulatory and statutory obligations (Responsible officer: Senior Information Risk Owner).

Actions

a)

Ongoing monitoring and reporting of data breaches including identification of lessons learned.

Breaches are reported to Corporate Information Governance Group (CIGG) and include risk mitigation activity and the lessons learned that are being or have been implemented.

Improvements in information sharing are allowing discussions and mitigation actions to take place earlier. Further improvements to risk management are also being developed.

b)

Ongoing measures to raise staff awareness of risks including updates to and completion of mandatory training as necessary; phishing simulation exercises; case studies; and monitoring arrangements in place to evaluate effectiveness and any other required actions.

A portfolio of seventeen Information Security training modules, covering data governance, information security and cyber security have recently been made mandatory for all staff via the Learning Zone online platform. The expectation is that all staff will have completed the training by the end of 2025. This is on track with 67% of the workforce having completed the training by September.

Monthly phishing simulation emails are circulated to test and assess employee awareness. On average currently less than 1% of employees click the unsafe link each month. Further action is taken where this is necessary. Further work is also taking place is to redesign the Security Awareness Programme, to help make it more comprehensive and impactful.

c)

Continued investment in technology to best protect the Council’s network and data integrity from potential cyber threats.

Further technological infrastructure improvements have been made including completing the rollout of Windows 11 across the organisation. Cyber security has been further strengthened with the installation of Security Information and Event Management (SIEM) software.

In November 2025, the Council successfully retained the ISO27001 information security accreditation. The ISO27001 framework is an internationally recognised set of standards for information security management systems. Our systems and arrangements were subject to a robust external review and the accreditation helps to demonstrate that our controls and processes remain effective in protecting information and managing security risks.

We are progressing through the Government’s Cyber Assessment Framework, which alongside the ISO27001 accreditation, means the Council will exceed the requirements set out in the recent ministerial letter on cyber security.

Challenge

A2

Transformation and savings delivery (Responsible Officer: Corporate Director Resources)

The council has an established transformation programme to bring together services following unitarisation and deliver significant savings. However, increasing funding pressures mean there are further challenges ahead and more savings will be needed.

Actions

a)

Consider both internal and external opportunities for wider transformation and savings delivery.

The way we will work programme is considering a number of areas supporting wider transformation and savings delivery. The programme covers a number of areas, including back office/support services, use of AI and technology, workforce productivity and property rationalisation.

Likewise, the Customer programme is reviewing a number of areas including the use of technology to support better customer outcomes.

In addition, a small “research and development” team has been created to explore best practice elsewhere and to identify opportunities to roll-out within the Council.

b)

Review existing service delivery structures. Challenge current ways of working and service delivery. To fully roll out the Target Operating Model way of working throughout the Council. Adopt standard ways of working to reduce possible waste and to improve outcomes. Identify changes which cut across services and provide a better journey and outcome for customers (linked to the Customer Strategy).

Restructuring of the Council following LGR is now largely completed.

A key focus has been on the redesign of services, bringing together policies, processes and systems to ensure harmonised ways of working. Progress has been made in a number of areas, including:

·         All seven legacy Revenues & Benefits systems have been successfully migrated onto a single platform, with aligned processes, procedures and reporting.

·         Consolidating the council’s income management systems into a single system. It is expected that all former systems will be moved over to one platform by the end of December 2025.

·         Designing and planning for the new finance system due to be implemented in April 2026.

A new Customer Experience Strategy has been agreed setting out the Council’s approach to achieving its vision for putting the customer at the heart of everything we do. Programme planning has also taken place in preparation for the production of a business case for a replacement Customer Relationship Management System.

The Health and Adult Services (HAS) directorate is also finalising a fundamental review of service delivery structures. The new structures will become operational in January 2026. These restructures have been made to support delivery of the HAS 2030 plan, which includes developing new services, improving existing services and delivering

savings of £13m by 2028.

c)

Consider opportunities for services to increase net income, reduce third party expenditure and deliver savings. Ensure services have the right tools and operating environment to drive out efficiencies and increase productivity.

In addition to savings and transformation activities referred elsewhere, services have considered opportunities for further savings and transformation as part of the recently completed service planning process. This work will feed into the annual budget setting and medium-term financial planning cycles in the remainder of 2025/26.

d)

Identify measures to reduce and manage demand, working collaboratively across services and with partners.

Identifying measures to help reduce and manage demand pressures has been part of the ongoing transformation activities. One of the three key cross cutting programmes within the new Transformation Strategy relates to Demand Management.

Opportunities have been identified. On children’s safeguarding, the Council is working closely with the NHS and Police as part of the Multi Agency Screening Team (MAST). Reviews of referrals and screenings have taken place, along with practice workshops and family assessments. The work has supported the management of relevant matters, including demand, thresholds and the introduction of measures to support inclusive mainstream education particularly around transitions.

e)

Develop and agree a council wide plan to help deliver these improvements and savings.

An updated Transformation Strategy has been prepared, and in November 2025 was reviewed and approved by Management Board. It is now to be considered by the Corporate & Partnerships Overview and Scrutiny Committee at its next meeting.

Challenge

A3

Consistent good quality management of Capital Schemes (Responsible officers: All of Management Board)

To ensure the council consistently and effectively manages the delivery of major capital programmes and projects.

Actions

a)

Review of project management guidance to provide greater clarity on roles, responsibilities (including financial management), project governance, accountability and decision making.

Capital project delivery arrangements have been reviewed as part of the work to introduce the Target Operating Model. Some changes are being made to help support consistent project governance, accountability and decision making. The main changes are in two key areas; the capital gateway approval process, and the capital boards who overview and scrutinise capital projects and expenditure.

The capital gateway process covers the whole lifecycle of the capital project, from the initial planning to project close. A revised standardised gateway process with standardised templates for all schemes has been developed and has recently been signed off by senior management. These templates will capture and categorise the relevant risks of the project. Completion of all of these documents and processes, will help ensure each scheme has appropriate arrangements in place, and provides clearer guidance for officers.

The council has four capital boards. The review identified that these boards had evolved in different ways and were not always working effectively. The boards have now adopted refreshed terms of reference. Standard board agendas and formats, with consistent project monitoring and reporting is planned to be introduced in the second half of 2025/26.

Changes are being aligned with transformation and other relevant project guidance. Once the changes are fully introduced, Council wide training on the new arrangements will be provided to all officers involved in the capital programme.

b)

Review and roll out budget management training to ensure the consistent application of the Council’s requirements for effective control of programme and project budgets.

Improvements to Council wide budget monitoring are being introduced alongside the new SAP financial system, which is to be introduced in April 2026. Budget management training to support effective capital programme management will be considered alongside wider training on the new finance system.

Contract management training is also being reviewed with a view to providing targeted training and support to those higher risk areas within the Council which are often capital related.

c)

Implement standard processes for the appointment, use and management of consultants to ensure consistent practices are being followed throughout the Council.

Standard processes are now in place for the appointments of consultants.

Any ‘lessons learnt’ identified from our reviews of significant capital schemes and the use of consultants, are being shared throughout the Council, to help raise awareness and improve consistency of practice.

d)

Implement assurance frameworks to ensure capital schemes are being managed in line with Council expectations.

The changes being introduced to standardise the capital gateway processes and support consistent ways of working for the four capital boards, will help provide assurance that capital schemes are being managed in line with Council expectations.

Challenge

A4

Data and Systems (Responsible officers: All of Management Board)

The new Council inherited a large number of systems and processes. Further work is required so that the council has the reliable data and insights to consistently support decision making, track outcomes and drive improvement.

Actions

a)

To define, develop and implement the data strategy.

A council wide data strategy has been written and was considered by Management Board in October 2025. A finalised strategy will be agreed shortly.

The Council’s data programme has projects to support better data, including on data architecture, making data ‘AI ready’ and having a single Local Land and Property database. Procurement documents for expression of interest have been issued for the data architecture software that will be underpinning the Council’s new approach. Progress on the data programme is being reported quarterly to the Corporate and Partnerships Overview and Scrutiny Committee.

b)

To fully roll out the Target Operating Model way of working throughout the Council.

A number of in-progress service specific and cross cutting projects are considering data as part of improvements being made. This includes work on the new finance system, customer relationship management platform, and library management system.

A recently completed and reported project related to having a centralised GIS database to store assets has been completed. The project has provided GIS users mapping services with increased functionality and over time will reduce the cost of GIS contracts to the Council.