Risk Management Policy

7.1 Risk Management Policy

Location Town-wide

Reporting officer Danielle Uniza

Responsible officer Michael Cole

Voting requirement Simple majority

Attachments 1. Sample - Council Enterprise Risk Management Policy [7.1.1 - 3 pages] 2. Proposed Policy 004 Risk Management [7.1.2 - 3 pages] 3. Current Policy 004 Risk management [7.1.3 - 4 pages]

Recommendation

{recommendation-start-do-not-remove That the Policy Committee recommends that Council adopts the amended Policy 004 Risk Management.

Purpose To present the results arising from the review of Policy 004 – Risk Management and seek endorsement of the proposed changes.

In brief  At its meeting held on 17 September 2019, Council resolved to adopt a policy review work plan for 2019-2020. The policy on risk management was identified for review and is to be presented to Council at its February 2020 meeting for its consideration.  The current risk management policy has been reviewed and assessed against the Town’s revised Risk Management Framework, the Department of Local Government’s Model Risk Management Policy, policies from other local governments, and with industry best practice.  While there are several changes proposed to the policy, the main change is to ensure that the policy remains at a strategic level with the operational detail to be encompassed, instead, within an operational Management Practice.

Background

1. At its meeting held on 17 September 2019, Council resolved to adopt a policy review work plan for 2019-2020. The policy on risk management was identified for review and is to be presented to Council at its February 2020 meeting for its consideration.

2. The review was conducted internally by assessing the current risk management policy against existing practice, the Town’s Risk Management Framework, and conducting a comparative review against other local governments, such as the City of Stirling, City of Vincent, City of Perth and City of Canning. This was also reviewed against the Department of Local Government’s Model Risk Management Policy, and a sample Council Enterprise Risk Management Policy provided by the risk consultant which facilitated the Town’s review of the Risk Management Framework.

3. It is to be noted that the reviewed Risk Management Framework, which is to work in conjunction with this Policy, will be presented to the Audit Committee for its review at its February 2020 meeting.

1 of 4 Strategic alignment

Civic Leadership Strategic outcome Intended public value outcome or impact CL10 - Legislative responsibilities are resourced and By setting a robust risk management policy and managed appropriately, diligently and equitably. framework in place, the Town can mitigate risks accordingly.

Engagement

Internal engagement

Stakeholder Comments

C-Suite The proposed Risk Management Policy has been circulated to C-Suite for review and comment.

Senior Management The proposed Risk Management Policy has been circulated to the Senior Team Management Team for comment.

Legal compliance Regulation 17 of the Local Government (Audit) Regulations 1996

Risk management consideration

Risk and consequence Consequence Likelihood Overall risk Mitigation and actions rating rating analysis

Financial Moderate Likely High Adopting the reviewed Risk Not having an Management Policy appropriate risk management policy and/or framework can result in financial loss for the Town.

Reputational Moderate Likely High Adopting the reviewed Risk Not having an Management Policy appropriate risk management policy and/or framework can result in reputational damage for the Town.

Financial implications

Current budget impact Sufficient funds exist within the annual budget to address this recommendation.

2 of 4 Future budget impact Not applicable.

Analysis

4. This review sought to ensure that the current policy aligns with better practice models. Proposed changes to the current policy is a result of adopting different elements from the policies in which it has been assessed against, whilst ensuring that it remains tailored to the unique needs of the Town.

5. A review of policies from other local governments show that there is no consistent way in which policies on risk are written, and that the Department of Local Government’s Model Risk Policy has not been widely adopted. However, the comparative review conducted of other risk policies has shown that a good risk management policy contains the following key elements: (a)Council’s commitment to risk management and its objectives and/or critical success measures (b)The roles and responsibilities of different stakeholders

6. As such, changes in line with those elements are proposed to the current policy. These changes are detailed below.

Council’s commitment to risk management and its objectives and/or critical success measures

7. Although the current policy contains some information relating to Council’s commitment, it is recommended that this commitment be outlined in further detail to highlight the importance Council places on effective risk management. The changes suggested to the policy are influenced by the Department of Local Government’s Model Risk Management Policy, and the Sample Enterprise Risk Management Policy.

8. It is further proposed that the existing ‘objectives’ within the policy statement are replaced with ‘critical measures of success’, in line with the Sample Enterprise Risk Management Policy, as it details what the Council envisions as an effective risk management system. Roles and responsibilities

9. It is proposed that the ‘roles and responsibilities’ section only include those of Council, the Audit Committee and the Chief Executive Officer to ensure that the separation of roles between Council and the administration is preserved. At current, the existing policy contains roles and responsibilities for the Council, Audit Committee, Chief Executive Officer/ Strategic Management Team, Risk Management Working Group, Risk Framework Owner, and Work Areas. To ensure that roles and responsibilities for employees within the Town are preserved, it is proposed an additional role for the Chief Executive Officer be included to stipulate that they are responsible for ‘Setting a Management Practice on Risk to ensure that all employees, volunteers and contractors are aware of their roles and responsibilities relating to effective risk management’.

10. In addition, further changes are suggested to the roles and responsibility of Council, the Audit Committee, and the Chief Executive Officer to align with current practice and to reflect recent changes in legislation. This includes the removal of Council and the Audit Committee’s role in appointing an external auditor (or make recommendations thereof), and the removal of responsibilities which are already known as statutory requirements under the Act (e.g. those relating to Regulation 17 of the Local Government (Audit) Regulation 1996).

11. It is also proposed that the policy include the requirement to produce regular reports on strategic risks to the Audit Committee, the keeping of an operational risk register by the Chief Executive Officer, and provisions for escalation of risks, where appropriate. Other changes

3 of 4 12. Further minor changes have been made to references within the policy.

Relevant documents Department of Local Government’s Model Risk Management Policy 19.1 Risk Management Policy (City of Perth) Risk Management Policy (City of Stirling) 4.1.26 Risk Management (City of Vincent) Risk Management (City of Canning)

4 of 4