Chapter 5 Part 1 Section 164(1) (a) and (b) of the Local Government Regulation 2012 require to keep a written record stating risks Council's operations are exposed to, to the extent they are relevant to financial management and the control measures adopted to manage the risks. In compliance with legislation, Council has adopted a Risk Management Policy and established a Risk Management Committee.
Importance of Risk Management
Enterprise risk management emerges from Council's intent to effectively and efficiently manage risks that may have an impact on the achievement of strategic priorities, operational goals and project objectives as defined in the Corporate and Operational Plans.
An effective enterprise risk management will:
- Contribute to the achievement of strategic priorities
- Facilitate open and transparent communication and consultation between Councillors, the Executive Team, managers and employees in defining aspects related to the identification, analysis, evaluation and treatment of strategic, operational and project risks Council is exposed to
- Enhance corporate governance by promoting a structured and systematic approach to Council's decision making processes
- Promote a proactive and dynamic perspective in handling and monitoring emerging new risks
- Recognise the capabilities, perceptions and intentions of external and internal stakeholders that can facilitate or deter the achievement of organisational objectives
- Facilitate continual improvement of the organisation
Risk Management Framework
The Enterprise Risk Management Framework determines the accountability and authority for managing risk. It also specifies the responsibility for implementing the enterprise risk management process.
Risk Management Process
The risk management process applied throughout Council is guided by the AS/NZS 31000:2009 model. This model provides a systematic method of identifying, analysing and prioritising risks that require treatment plans and immediate management action.
Communicate and consult
Throughout the process for managing risk, communication and consultation with all stakeholders will take place. A consultative team approach helps to appropriately establish the context, ensure the adequate identification of risks, bring together expertise required for analysing and evaluating risks and secure endorsement and support for the treatment plan.
Communication and consultation should facilitate truthful, relevant, accurate and understandable exchanges of information, taking into account confidential and personal integrity aspects.
Establish the context
Establishing the context basically encompasses a broad understanding of Council's operations; the external and internal environment in which it operates and the factors that have major impact on the achievement of its objectives.
Potential risks that need to be managed are identified. The sources of risk, areas of impact, events and change in circumstances, their causes and potential consequences are to be identified for the purpose of generating a comprehensive list of risks that may have a major influence in the creation of opportunities or prevent the achievement of Council's strategic priorities, operational goals and project objectives.
Risk is analysed by determining the positive and negative consequences and the likelihood of causes and sources of risk. By combining the evaluation of likelihood and consequences, a level of risk is ascertained. The effectiveness and efficiency of existing controls to mitigate the risk are also taken into consideration.
Risk evaluation entails ascertaining the acceptability of the risk. It involves the comparison of the level of risk determined in the risk analysis with the established risk evaluation criteria
Risk treatment involves choosing one or more alternatives for controlling or managing risks and implementing these alternatives.
Monitor and review
Monitoring and review of the risk management process is necessary to ensure that controls are effective and efficient, the external and internal context are up to date, the risk criteria and framework are relevant. The effectiveness of plans and strategies employed to manage and control risks will be reviewed and monitored.
Application of Risk Management
Council is committed to embed the risk management process into:
- Organisational culture
- Decision making processes
- Strategic Planning
- Operational Planning
- Projects, Programs and Events
- Business and Financial Processes
Risk assessment will be conducted:
- When major decisions are to be made
- When key strategies are to be developed
- As part of operational planning
- Prior to commencement and at key milestones of important projects and programs
- When existing processes are improved or upgraded
- When new processes are designed or developed