Title | Risk Management Policy
Policy Number | P14
Type | Council Policy
Document Owner | Chief Executive Officer
Approval Date | 30 September 2022
MaGiQ Document ID | 691477
Review Date | 30 September 2025
Council Resolution Number | OC137/2022
Purpose
The purpose of this policy is to:
- promote sound management and corporate governance practices which enable continuous improvement in decision-making and performance, increasing community confidence in Central Desert Regional Council (CDRC); and
The objectives of risk management planning are to:
- define the Council’s appetite and tolerance to risk and communicate it throughout the Council and the community; and
- align risk management practices to the CDRC Strategic Plan, Regional Plan and Service Delivery Plans.
Scope
This policy covers strategic risks (relating to the Regional Plan strategic goals), operational risks (all the operations of the Council) and project risks (specific to larger individual Council projects).
Definition and Terms
Member: means all elected members (Councillors), Local Authority members or Committee members whether elected or appointed by the Council.
CEO: means the Chief Executive Officer and includes the acting CEO.
ELT: Executive Leadership Team consisting of the CEO and relevant Directors.
Risk: can be defined as the combination of the probability of an event and its consequences.
Risk Management: is the processes and structures for the effective management of potential risks and adverse effects.
Risk Management Process: is the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risk.
Risk Owner: The person or entity responsible for ensuring that an appropriate risk treatment strategy is in place and implemented effectively.
RMF: Risk Management Framework.
Legislation and Reference
Local Government Act 2019
Local Government (General) Regulations 2021
ISO 31000 Risk Management Standards
Policy Statement
CDRC is committed to the development and implementation of a risk management framework specific to the organisation’s business and the organisational context. The design of the risk management framework will reflect the principles and the process outlined in the international risk management standard AS/NZS ISO 31000.
CDRC will aim to build an ‘organisational culture’ that values risk management, facilitates the development of risk mitigation measures that are proportionate to the issues at hand, and capitalises on opportunities.
Risk Management Principles:
- identify and rank significant strategic and operational risks using the CDRC risk management process;
- ensure risk management becomes part of day-to-day management;
- provide staff with the relevant policies, procedures and tools necessary to manage risks;
- monitor the Council's strategic risk profile at least quarterly; and
- implement a continuous improvement approach to risk management.
Responsibilities
The Council (elected body) is responsible for:
- Endorsing the Risk Appetite Statement;
- Appointment of Audit Committee; and
- Oversight of the effective maintenance of a culture of risk awareness and intelligence across the Council.
The Audit Committee is accountable to the Council and plays an advisory role. It is responsible for:
- Monitoring of strategic risk management and the adequacy of the internal controls, policies (such as conflict of interest, code of conduct and fraud policy), practices and procedures established to manage identified risk;
- Assisting in setting the risk appetite for Council;
- Determining and providing input into the Council’s strategic risks by way of endorsing and monitoring the Council’s Strategic Risk Register at least quarterly;
- Ensuring that a Risk Management Policy and/or Framework has been developed, adopted and communicated throughout the Council; and
- Reviewing the Risk Management Policy and/or Framework annually.
The CEO is accountable to the Council and is responsible for:
- Establishing the risk tolerance level of the Council for adoption by the Council;
- Endorsing the key risks identified by the organisation and the approach to manage and control these risks appropriately.
- Ensuring employees receive support and resources in fulfilling their responsibilities.
- Ensuring risk management is integrated into Council’s activities and functions.
- Ensuring that risk management processes are fully documented and managed through the records management system.
- Ensuring the RMF, inclusive of the Strategic Risk Register, Risk Toolkit, and Risk Management Workplan, is established, implemented and maintained.
The Directors are accountable to the CEO and are responsible for:
- Ensuring employees receive support and resources in fulfilling their responsibilities;
- Ensuring risk activities adhere to Council’s risk tolerance level;
- Monitoring Council’s overall risk profile and controls;
- Ensuring identification and management of organisation’s key risks are undertaken effectively.
- Ensuring implementation, management and evaluation of risks, in accordance with the Risk Management Policy and/or Framework within area of responsibility.
- Ensuring that risk-based information is recorded in the Strategic Risk Register.
- Ensuring the Risk Management Workplan is enacted effectively as required.
The Regional Managers are accountable to the Directors and are responsible for:
- Monitoring of Council’s overall risk profile and controls.
- Ensuring implementation, management and evaluation of risks, in accordance with the Policy and/or Framework within area of responsibility.
- Ensuring that risk-based information is recorded in the Strategic Risk Register.
- Ensuring escalations are appropriately reported and identified actions are appropriate.
- Ensuring the Risk Management Workplan is enacted effectively as required.
Risk Owners are accountable to their respective managers and are responsible for:
- Managing their risks.
- Ensuring compliance with the Risk Management Policy and/or Framework (including the procedures), while performing activities to implement risk analysis and mitigation.
- Engaging with appropriate personnel for appropriate and timely escalation.
- Reporting the status of the risk in a timely manner.
Project Managers are accountable to their respective managers and are responsible for:
- Ensuring the Risk Management Policy and/or RMF is applied to the projects under their management.
- Ensuring Project Risk Management is undertaken by Risk Owners.
- Providing regular updates to their respective Director, Regional Manager or Manager/Coordinator on progress of risk management for those project risks that impact the organisational or strategic risks.
The Risk and WHS team are accountable to the Director Corporate Services and are responsible for:
- Assisting the ELT to develop, implement and maintain the RMF and risk program in a systematic and standardised manner;
- Developing and maintaining the logistics of a Risk Register(s) that records reasonably foreseeable operational and strategic risks, including risk treatment strategies;
- Assisting members of the ELT in the development and compilation of reports relating to Council’s risk profile and treatment strategies;
- Proposing direction for risk management for the organisation;
- Liaising with Internal Auditors and supporting the Audit Committee as required;
- Maintaining and controlling all risk management artefacts as the owner of the Risk Toolkit and Risk Management Workplan.
- Setting standards of best practice for risk management.
- Ensuring that employees are appropriately trained in risk management relative to their position.
- Risk Reporting* (Preparing various risk reports in accordance with the RMF to Council, Committee, CEO and ELT).
Employees are accountable to their respective managers and are responsible for:
- Identifying, evaluating and managing risks in their daily activities and projects.
- Ensuring that they’ve been informed of, and work under, all Council risk management principles.
- Adhering to the requirements of Council’s Risk Management Policy and/or Framework.
Review History
Date | Details
06 October 2010 | Adopted by Council
November 2014 | Reviewed by Audit and Risk Committee and referred to Council for adoption
December 2014 | Adopted by Council (OC001/2014)
November 2015 | Reviewed by Audit and Risk Committee and referred to Council for adoption
August 2016 | Council adopted the revised policy (OC145/2016)
7 December 2018 | Reviewed by Audit and Risk Committee and referred to Council for adoption
31 January 2019 | Council adopted revised policy (OC009/2019)
29 July 2020 | Reviewed and adopted by Council (OC086/2020)
30 September 2021 | Reviewed and adopted by Council (OC150/2021)
30 September 2022 | Reviewed and adopted by Council (OC137/2022)