Meeting of the BBC Audit and Risk Committee SUMMARY MINUTES. Thursday 22 June, 2017 New Broadcasting House, London

Similar documents
Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2018

NERC Staff Organization Chart Budget 2019

Aneurin Bevan Health Board

NERC Staff Organization Chart Budget 2017

NERC Staff Organization Chart Budget 2017

AGENDA ITEM: 3.4 DATE OF MEETING: 3 MAY 2018 INFORMATION MANAGEMENT, TECHNOLOGY & GOVERNANCE COMMITTEE

Policy. Business Resilience MB2010.P.119

BOARD OF DIRECTORS (OPEN) Meeting Date: 14 th November 2018

The ehealth Annual Report aims to highlight the activities within the teams that make up the ehealth Department.

MNsure Privacy Program Strategic Plan FY

CHARTERING SITE QUICK START GUIDE

Business Continuity Policy

Office of the Minister of Broadcasting, Communications and Digital Media Chair, Cabinet Appointments and Honours Committee

CHAIR AND MEMBERS CIVIC WORKS COMMITTEE MEETING ON NOVEMBER 29, 2016

Cybersecurity Risk Management Guide for Voluntary Use of the NIST Cybersecurity Framework

Operations briefing Part three

The National Fire Chiefs Council. Roy Wilsher Chair National Fire Chiefs Council

Cyber Security is it a boardroom issue?

1. ICT Strategy- I require the document that hold future plan and strategy of the organisation s ICT department.

JUSTICE SUB-COMMITTEE ON POLICING AGENDA. 2nd Meeting, 2014 (Session 4) Thursday 20 February 2014

The National Fire Chiefs Council. Roy Wilsher Chair National Fire Chiefs Council

University of Dublin Trinity College

NHS Scotland Cyber Attack: NSS Evidence to Scottish Parliament Health & Sport Committee (Jun 17)

REPORT 2015/010 INTERNAL AUDIT DIVISION

NERC Staff Organization Chart

GMSS Information Governance & Cyber Security Incident Reporting Procedure. February 2017

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

Cyber Security Strategy

SCHEME OF DELEGATION (Based on the model produced to the National Governors Association)

Minutes of the Annual General Meeting Held at Canterbury Christ Church University 6 th September

To be an active partner, always ready to improve by working with others

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Security and Privacy Governance Program Guidelines

INTERNAL AUDIT DIVISION REPORT 2017/138

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business

CHARTER OUR MISSION OUR OBJECTIVES OUR GUIDING PRINCIPLES

VISION: MISSION: That society continues to have confidence and trust in the engineering profession.

LEADERSHIP GROUP LG (2017) Paper October 2017 RESILIENCE BOARD

NERC Staff Organization Chart 2015 Budget

INFORMATION SECURITY AND RISK POLICY

KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

TERMS OF REFERENCE. Scaling-up Renewable Energy Program (SREP) Joint Mission. Lesotho

Andrew Durant/Ellen Sullivan

Communications Strategy

Presentation by Craig Richardson, Chief Executive Officer Australian Emerging Companies Conference UBS Sydney Australia Monday 20 April

Superannuation Transaction Network

Board Assurance Framework and Corporate Risk Register Report

Welcome John Harris, Director General

Unclassified. Date Monday 24 September Business Continuity Plan Review - Mission Critical Activities

Digital Health Cyber Security Centre

Dated 3 rd of November 2017 MEMORANDUM OF UNDERSTANDING SIERRA LEONE NATIONAL ehealth COORDINATION HUB

NHS Fife. 2015/16 Audit Computer Service Review Follow Up

ALBEMARLE COUNTY SERVICE AUTHORITY

MEETING: RSSB Board Meeting DATE: 03 November 2016 SUBJECT: Rail Industry Cyber Security Strategy SPONSOR: Mark Phillips AUTHOR: Tom Lee

Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013

Short Guide to using the Report Template (Version 3)

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Canada Life Cyber Security Statement 2018

Clarity on Cyber Security. Media conference 29 May 2018

Cyber security. Strategic delivery: Setting standards Increasing and. Details: Output:

ANZPAA National Institute of Forensic Science BUSINESS PLAN

On Monday, October 1, 2018, the Economic Development and Housing Committee will be briefed on updates regarding the Housing Policy Taskforce.

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Document Control Sheet. BCS, The Chartered Institute for IT. BCS Health Executive. Terms of Reference

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Critical Infrastructure Sectors and DHS ICS CERT Overview

Heads of Internal Audit Webinar. Integrated Assurance. 24 July In partnership with

INFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Information Technology Branch Organization of Cyber Security Technical Standard

ECCouncil EC-Council Certified CISO (CCISO) Download Full Version :

Information Security Strategy

Ervia Risk Management. Elaine O Donoghue IPA Governance Forum Briefing 10 th November 2017

POSITION DESCRIPTION

Cyber Security. Building and assuring defence in depth

Todd Sander Vice President, Research e.republic Inc.

B.29[18a] Infrastructure as a Service: Are the benefits being achieved?

NYS DFS Cybersecurity Requirements. Stephen Head Senior Manager Risk Advisory Services

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

Public Safety Canada. Audit of the Business Continuity Planning Program

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

Purpose. Executive summary

Infosec Europe 2009 Business Strategy Theatre. Giving Executives the Security Management Information that they Really Need

HCPC's Risk Assurance Part 1

Dynamic Transformation of the Energy Industry JUNE 25-27, 2019 COEUR D ALENE, IDAHO REGISTRATION

Securing strategic advantage

GAO CYBERSPACE POLICY. Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed

WRI BUILDING EFFICIENCY INITIATIVE BUILDING EFFICIENCY INITIATIVE, WRI ROSS CENTER FOR SUSTAINABLE CITIES

CENTRAL CITY IMPROVEMENT DISTRICT 5 YEAR IMPLEMENTATION & PROGRAMME PLAN Year 5: 1 ST July 2019 to 30 th June 2020

European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards

Single Academy Trust Structure

INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) DISASTER RECOVERY POLICY AND PROCEDURES

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Transcription:

Meeting of the BBC Audit and Risk Committee SUMMARY MINUTES Thursday 22 June, 2017 New Broadcasting House, London ITEMS OF BUSINESS 1. Internal Audit quarterly reporting: a) Internal Audit quarterly update b) Internal audit plan 2017/18 2. Risk reporting: a) Quarterly risk update b) Risk briefing - cyber security c) Risk briefing - physical security d) Risk management activities 3. Responses to Public Accounts Committee reports: a) BBC Critical Projects b) BBC Licence Fee 4. NAO update to the BBC Audit and Risk Committee 5. For approval / noting: a) Whistleblowing report b) Annual plan for the Audit and Risk Committee c) Non audit fees 6. AOB 1

ATTENDANCE Members: Simon Burke Non-executive director (Chair) Tom Ilube Non-executive director Ashley Steel Non-executive director Board members present: Tony Hall Director-General Anne Bulford Deputy Director-General With: Balram Veliath Director, Quality, Risk and Assurance Ian Haythornthwaite Director, Finance Shirley Cameron Group Financial Controller Peter Ranyard Assistant General Counsel (for Sarah Jones) Stephen Smith Executive Partner, NAO Kate Mathers Audit Partner, NAO Phil Harrold Company Secretary Chris Sandford Director-General s Office (secretary) Peter Tansley Head of Internal Audit (item 1) Paul McCauley Head of Risk (item 2a, b and c) Gary Payne Chief Information Security Officer (item 2b) Simon Marr Director of Safety, Security and Resilience (item 2c) APOLOGIES No apologies were received. 2

AUDIT AND RISK COMMITTEE SUMMARY MINUTES 22 JUNE 2017 1. Internal Audit quarterly reporting a) Quarterly review of Internal Audit activity and audit actions 1.1 The Audit and Risk Committee discussed the quarterly update from Internal Audit, summarising recent audit activity and updating on the status of audit actions. The Committee noted current progress against the audit plan. A pilot of a data-led, continuous controls monitoring approach was underway and the Committee would be updated on this at the next meeting. b) Internal audit plan 2017/18 1.2 The Committee noted the 2017/18 Internal Audit plan, which had been approved by the previous Executive Audit Committee. It was noted that the plan was thorough and provided good coverage of the BBC s main risks. 2. Risk reporting a) Quarterly risk update 2.1 The Committee were provided with the quarterly risk report and a summary of key strategic and operational risks and mitigations. The Committee agreed that it was important that high rated risks were a focus for the Board and were assured that current agendas were reflecting the relevant areas. b) Risk briefing cyber security 2.2 The Committee were given a briefing on the specific risk issue of cyber security, following recent high profile issues and attacks on other organisations, such as the NHS. The Committee noted that the BBC was experienced in this area. It was also encouraging that staff awareness of cyber security threats and issues was increasing. c) Risk briefing physical security 2.3 The Committee were given a briefing on physical security threats and the BBC s response. Following recent terror incidents and given the heightened national threat level, the BBC had introduced additional security protocols, ensuring the necessary level of security support could be provided sustainably. 3

d) Risk management 2.4 The Committee were given an update on work to make further improvements to the management of risk in the BBC, building on the findings of the BBC Trust s review of risk management in 2015. Guiding principles for risk management were now in place and the Committee were supportive of the work. 3. Responses to Public Accounts Committee reports 3.1 The Committee were asked to approve BBC responses to two reports of the Public Accounts Committee (PAC) on Critical Projects and the Licence Fee. The responses were previously considered at the BBC Trust and the role of approving such documents under the new governance structure would rest with the Committee. The Committee noted that the responses to recommendations were largely clear and direct. 3.2 The response to the report on Critical Projects was approved. It was agreed that the response to the report on the Licence Fee would be submitted following the Board discussion on the issue scheduled for July. 4. NAO transition and audit schedule 4.1 The Committee were briefed by the NAO on their audit planning and work undertaken in the transition process. The process had been positive so far and the NAO were working to develop a strong understanding of the BBC s complex market and risks. 5. For approval / noting a) Whistleblowing report 5.1 The Committee noted the quarterly whistleblowing report, which showed no significant issues to raise. 5.2 It was noted that a new Non-Executive Director needed to be appointed as the BBC s independent whistleblowing contact. The Director, Quality, Risk and Assurance would brief members on what was required and finalise the details of the new contact. 4

b) Annual plan for the Audit and Risk Committee 5.3 The Committee noted a paper setting out a draft schedule for the Committee in the coming year. The Chair asked for members to comment offline on any areas they would like to see a particular focus on. c) Non-audit fees 5.4 There were no non-audit fees to report to the Committee. 6. AOB 6.1 There were no items of other business. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback