A BESPOKE RISK INITIATIVE PROGRAM TO SUIT YOUR COUNCIL’S NEEDS
We are introducing a new way for Members to take up the Statewide Mutual Board-funded risk initiatives. From 1st July 2019, Members can now select from a range of programs across a variety of subject areas, based on your Council’s specific risk management priorities.
RISK INITIATIVES AVAILABLE
Below you will find the risk areas covered and the services available under each initiative. Note that for some areas there are multiple services. Members can choose one (1) service per year.
Click on the + sign to learn more about each initiative.
1 Business Continuity Management
Service 1: Business Continuity Management (BCM) Training & Business Continuity Plan (BCP) Scenario-based Exercise
Facilitation of training offered to all personnel with responsibility in the BCM Framework.
Facilitation of a suitable scenario based exercise to test the existing BCP arrangements in place and the personnel’s ability and capability to respond.
| Why it is important | What it entails |
| It is imperative that personnel assigned a role within the Business Continuity arrangements have a complete understanding of their responsibility, as well as the opportunity to practice their response in the safe environment of a scenario exercise. |
This service is comprised of one training session and one scenario-based exercise session. The training session is offered to members of the high level team established in accordance with the member council’s current BCP, as well as the owners of critical business functions that have a BCP in place. Each training session is approximately 1.5 to 2 hours long. The assigned team, as per the existing BCP, will primarily participate in the scenario-based exercise. Other participants may be included depending on both the objectives of the exercise and the areas chosen to be tested. This will be discussed with the organisation prior to the development of the scenario. The exercise session is approximately 2.5 to 3 hours long, including a short debrief period at its conclusion. |
Service 2: Business Impact Analysis (BIA)
The BIA is a thorough analysis of the organisation’s business functions undertaken to understand the context of the organisation, the potential threats and risks faced and to identify the needs and criticality of the various functions.
| Why it is important | What it entails |
|
A BIA is an in-depth assessment of the organisation’s operations and business functions, which serves to determine the level of criticality of each function. Understanding the criticality levels will assist the organisation to prioritise its efforts during the recovery stage. For those business functions deemed critical, it will further identify the needs, vulnerabilities, resources and strategies to assist the function to continue to deliver its services, within a specified timeframe and to an agreed level of service. The BIA is also a pro-active tool that interrogates the current status of the function, and encourages improved preparedness in the event of a significant disruption. |
This service will include a workshop session conducted over approximately a one day period. During the session participants are provided with a BIA form to be completed, and are guided in the type of information that is to be captured.The information and completed forms remain within the organisation to refine and develop their own BCPs for each critical function. |
2 Climate Change Assessment
Facilitation of one CCA workshop which aims to consider and understand the potential impact of climate change on Council’s business operations.
| Why it is important | What it entails |
| Climate Change poses many potential threats to Council operations arising from changing climatic variations. For example, whilst too little rainfall can affect water supply, too much rainfall can cause flooding.
Rising temperatures can also affect the condition of roads and other critical infrastructure such as water and sewer operations. |
An onsite workshop, approximately 5 hours in length, will be conducted with personnel representing all business areas of the organisation. A climate change assessment table will also be prepared and provided to council. |
3 Contractor Management
| Why it is important | What it entails |
| There are many risks to Council associated with Contractor management. This can include public/ worker safety, lack of appropriate insurance, contract wording, competence to name a few. | This service will raise awareness of the risks associated with contractor procurement and management by breaking it down into manageable phases. This enables areas of concern to be dealt with in a systematic manner to minimise risk exposure of each phase. Attendees should be Project Managers, Engineers, Risk / WHS / Procurement Officers as well as anyone who engages contractors.
This service will involve a workshop that focuses on reviewing the current contractor engagement process. A gap analysis report will also be provided. |
4 Emergency Management Planning
Train Council’s EPC to ensure the appropriate framework is in place for all Council owned and managed facilities to ensure the safety of its occupants (personnel or public).
| Why it is important | What it entails |
| Council have a legal obligation to provide appropriate facilities and response to an emergency. This is coordinated by the Emergency Planning Committee (EPC). By establishing and training the EPC, Council will have assurance that it has the appropriate skills, structures and formalised arrangements in place to effectively respond to emergencies and safeguard workers and other occupants. | Consultants will work with Council to establish an EPC and train them in their roles to comply with relevant legislation and Australian Standards. The service will also involve the provision of a tailored Emergency Preparedness Policy and Procedure which will set out the emergency management structure and arrangements for Council, to ensure a coordinated approach across the organisation. |
5 Enterprise Risk Management
A comprehensive overview of all the key elements in building a robust and mature risk management capability within your Council.
| Why it is important | What it entails |
| Truly effective ERM is an often misunderstood aspect of Council strategy and operations; and yet risks exist whether they have been recognised or not.
This programme will provide insight into how effective ERM can provide guidance and confidence in strategy and objective selection. It will facilitate better decision-making by focusing attention on the factors critical to achieving objectives, and will guide understanding of what to monitor and control. |
This service will include two onsite workshops, approximately 3 hours in length. The first workshop will focus on ERM fundamentals, the importance of effective ERM Frameworks and the development of Risk Appetite within the Council context. Attendees should be Council Executive, Audit, Risk & Improvement Committee members and Councillors.
The second workshop will focus on risk identification, analysis and evaluation as well as monitoring and reporting. We propose that council identify and analyse 1 strategic risk and use the Bow-tie methodology to evaluate that risk in conjunction with Council’s risk framework criteria. Discussions will also be facilitated in relation to the identification, monitoring and reporting of controls within a broader risk reporting regime. Attendees should be Council Executive, Department Managers and Team Leaders. |
Service 2: Risk Appetite Development
Identification and development of Risk Appetite and Risk Appetite Statements and operational implementation planning session.
| Why it is important | What it entails |
| Effective ERM cannot be achieved without Council understanding how much risk it is truly willing to accept across all facets of its operations. Risk Appetite Statements for each category of risk provide qualitative guidance on Council’s willingness to accept risk, as set by Council’s leadership groups.
Additionally, in order to truly measure whether Council is operating within its stated Appetite for risk, the development of Risk Tolerances is important. These will provide a quantitative indication as to whether Council’s appetite is accurate and whether it is meeting that appetite. Risk Appetites and their operationalising Risk Tolerances will provide Council with a better understanding of its risk profile and facilitate improved rigorous decision-making. |
This service will involve two on-site visits to Council, approximately 3 hours and 2 hours in length respectively. Attendees should be Council Executive, Audit Risk & Improvement Committee members and Councillors.
The first visit will focus on the development of Council’s Risk appetite as well as the identification of Risk Categories and their subsequent Appetite levels. Risk Appetite Statements will then be developed for Council off-site. The second on-site visit will focus on Risk Tolerance and its role in the operationalisation of Risk Appetite. This will involve the selection of 1 Risk Category and relevant metrics that can be used to measure whether Council is operating within its stated Risk Appetite. A demonstration of modelling to determine if the stated Appetite level is appropriate based on metric targets will also be provided. |
Service 3: ERM Maturity Review
This is the start of the journey to improving risk culture at Council. Council will make risk informed decisions that will improve the strategic outcomes planned.
| Why it is important | What it entails |
| The NSW Auditor-General’s Report to Parliament, ‘Report on Local Government 2018’, identified 174 control deficiencies in governance and thus highlighted the need for improvement in risk management practices.
This service is for Councils looking to take their ERM practices to the next level on their maturity scale by going above and beyond compliance alone. Through addressing the issues that can add strategic value and implementing a fully integrated ERM, Council will be better equipped to make risk-informed decisions and move forward in the ERM Maturity Roadmap. |
This service will examine Council’s existing ERM Framework, with a particular focus on; strategy & governance, process, systems and intelligence, monitoring and review and culture.
The review is benchmarked against the ISO 31000:2018 Risk Management – Guidelines and aligned with the assessment tool of the Audit Office of New South Wales. A report will be provided to Council outlining areas for improvement in the existing ERM framework. |
6 Fraud
Deficiencies in fraud controls at Council can have an adverse effect on the delivery of services. The evaluation of existing fraud controls will enable Council to address the gaps to minimise the negative effects.
| Why it is important | What it entails |
| Fraud events can directly influence Councils’ ability to deliver services, and undermine community confidence and trust. The NSW Auditor-General’s Report to Parliament, ‘Report on Local Government 2018, revealed 83 high-risk issues which predominately arose from deficiencies in fraud controls across Councils. The Report also revealed that whilst Councils may have fraud control procedures and systems in place, staff often lack adequate understanding of them. There is also significant variation between Councils in the quality of their fraud controls. Therefore, it is important that the controls Council have in place are evaluated. |
The aim of this service is to increase staff knowledge on fraud prevention, detection and response. An online survey is delivered to all staff, and training topics are then customised according to the results of survey. Two on-site training sessions will be provided, each approximately 2 hours in length. |
Service 2: Fraud Control Framework Review (FCFR)
| Why it is important | What it entails |
| Acknowledging the above challenges, the FCFR is designed to assist Councils to align with The Audit Office of New South Wales (AONSW) 2015 Fraud Control Improvement Kit (the Kit), which identifies ten attributes of an effective fraud control system. | The process begins with a desktop document review and production of a report, followed by five onsite workshops for the high fraud risk area such as; procurement, financial management, payroll, intellectual Property/asset management and information systems. This will form the basis of a report that includes a heat map of top 10 high fraud risk events and a gap analysis of Council with the AONSW report findings. Attendees should be CFO, procurement staff, risk manager and Directors |
7 Insurable Risk Analysis
Service 1: Scenario Analysis & Limit Validation
| Why it is important | What it entails |
| In order to make informed decisions on risk transfer, it is important that the efficacy of the current insurance programme is regularly tested against Council’s major risks. Doing so ensures that potential uninsured exposures are identified and appropriate action can be taken to mitigate these risks. | This service will optimise Council’s understanding of its major insurable risk exposures. We will conduct a risk profiling workshop at Council offices, forming the basis of a report that will quantify major risk scenarios and measure them against Council’s current insurance programme. The workshop will take approximately 3 hours onsite. Attendees should be finance, risk, operations and relevant stakeholders. |
Service 2: Asset Insurance Index Review
| Why it is important | What it entails |
| The insurance renewal process is a challenging task for Councils: obtaining data on all assets and the development and provision of appropriate data to allow Council to define the assets it needs to insure is often time-consuming and fragmented, leading to potential information deficits on the part of decision-makers. | We propose an indexing process which offers a structured and auditable methodology for determining decisions to insure Council’s assets. The report produced will ensure that Council’s risk transfer decisions are better aligned with its strategic objectives. Council’s asset listings will be developed based on pre-determined risk factors. The report will also involve the development of a model of outcomes which provide an overview of the assets Council wishes to insure, based on its risk appetite. Decision makers in the field of insurance procurement should attend this workshop. The workshop is held onsite and takes approximately 2 hours. |
8 Governance
An intensive workshop designed to increase Councillors’, Executive Management, Audit Risk & Improvement Committee and Managers’ awareness of their roles and responsibilities and what is required to ensure good corporate governance frameworks have been implemented.
| Why it is important | What it entails |
| Governance Frameworks provide the foundation of our corporate cultural environment yet many organisations only react after a governance breach has occurred. Few organisations adopt a proactive, preventative stance. There is often a misplaced belief that the existing financial controls and reporting systems, together with insurance cover, provide adequate protection. Not only does such a view expose organisations to risks that may harm their reputation, the tacit acceptance of this approach fails the ‘due diligence test’ of corporate governance and may expose Senior Management, Councillors and Council to liability. | This service includes an intensive workshop to discuss and review the following; current local government challenges, leadership roles, governance, decision making, risk management, internal control and a governance case study.
The attendees will be educated and made aware of their role and responsibilities as a Mayor, Councillor, Executive Manager or Audit Risk & Improvement Committee member; as well as a Good Corporate Governance Framework requirements and Integrity and Risk Management philosophies. The interactive workshop will be conducted in accordance with the Australian Institute of Company Directors guidelines and will ensure that the attendees consider their role as it will apply to the current Legislative requirements within the current challenging Local Government environment. |
Service 2: Officer Due Diligence Workshop and Assessment
| Why it is important | What it entails |
| Section 27 of the NSW WHS Act places a personal responsibility on officers to demonstrate they have exercised due diligence by undertaking certain activities. The definition of an officer can be confusing as it doesn’t just mean Directors. This primary determination is a crucial step to ensuring those with Officer duties are made aware of their responsibilities. Failure to comply may result in a prosecution to the individual resulting in fines and imprisonment as well as claims against the Councillors and Officers (C&O) insurance policy.
If the recommendations in the NSW WHS Act 2011 review are adopted insurance cover will be illegal therefore all costs of the prosecution and fines will be paid the officer being prosecuted. |
An initial assessment will be undertaken to determine who within Councils organisation structure may be deemed an officer. Following the assessment all deemed Officers will be provided with a presentation explaining what their personal responsibilities to WHS compliance are. Section 27 of the WHS Act requires officers of a corporation to demonstrate what they do proactively to comply. This includes being knowledgeable of WHS matters, understanding the nature of operations, having appropriate resources and processes and addressing hazards and incidents appropriately in a timely manner. This service will also involve the provision of a personalised review and gap analysis report for each Council Officer, in relation to meeting their own due diligence requirements. |
9 Environmental Risk Assessment
A workshop to enable participants to identify, assess and control risks and environmental aspects within Council operations.
| Why it is important | What it entails |
| Environmental incidents, whilst rare, can be hugely expensive in clean-up costs and prosecutions. These incidents can also pose significant reputational risk to Council. | This workshop will demonstrate how environmental risk assessments can be undertaken and aligned to a specific asset, location or facility. The outcome of this workshop will be a broad environmental risk profile of the chosen asset, location or facility. |
10 Chain of Responsibility
| Why it is important | What it entails |
| In October 2018 the National Heavy Vehicle Regulator amended its Chain of Responsibility (CoR) laws with regards to deliveries by heavy vehicle. The changes require all persons with a role in the transport chain to comply with the legislation. Criminal prosecution and personal penalties may result from failure to comply. | A workshop will be conducted to raise awareness and build a knowledge base within Council surrounding the key roles that now have responsibilities under CoR legislation. These roles include Consignor, Consignee, Scheduler, Loading Manager, loader and operator. The respective responsibilities of these roles will be highlighted such as driving at safe speeds, policies on regulated driving hours, and load design. Business practices must reflect how the organisation will address CoR for those areas that they have control or influence over. A CoR risk assessment will be conducted for each of the key roles in the chain. Gaps in the current system will be identified and controls recommended. A gap analysis report will be completed and sent to Council on conclusion of the workshop. |