Council Meeting Agenda 27/07/15


3 Risk Management Framework

Abstract

Council's Risk Management Framework ("the Framework") was adopted by Council in The Framework provides structure and guidance to Council's risk management activities and outlines the components that provide the foundations and organisational arrangements for designing, implementing, monitoring and reviewing risk management throughout Council's operations.

In November 2014, an Internal Audit review provided a number of recommendations to review, enhance and update the Framework. Following that report, a consultant was engaged to assist with the review and update of the Framework.

The revised Framework (Attachment 1) reflects all recommendations from the November 2014 Internal Audit review and includes amendments to ensure the Framework:
- incorporates governance requirements for the risk register and the role of the Business Enterprise Risk Committee (BERC).
- includes explicit links to Council's planning processes.
- aligns with AS/NZS 31000:2009 by including the application of the risk management principles, and incorporating emerging risk and project risk.
- includes a risk management action plan.
- maps all departments' specialised risk management functions to determine how they are linked and to incorporate their risk assessment tools into the Framework.

The proposed revised Framework was reviewed by the Audit Committee at its May 2015 meeting. Some minor enhancements were suggested and the committee supported the presentation of the revised Framework to Council for formal consideration and adoption.

Officers' recommendation

That Council resolve to adopt the revised Risk Management Framework (as annexed to the minutes).

Document information

City of Boroondara Risk Management Framework Page 1 of 39

Responsible director: Marilyn Kearney, Corporate Services

1. Purpose

To seek Council approval of the revised Risk Management Framework document (Attachment 1).

2. Policy implications and relevance to council plan

Council's Annual Plan contains the Strategic Objectives of providing financial management processes in accordance with professional standards and legislative requirements and we will provide risk management processes in accordance with the relevant Australian Standards and legislative requirements.

3. Background

Council's Risk Management Framework was adopted by Council in In November 2014, an Internal Audit review provided a number of recommendations to review, enhance and update the Framework. Following that report, a consultant was engaged to assist with the review and update of the Framework. The revised Framework (Attachment 1) reflects all recommendations from the November 2014 Internal Audit review.

4. Outline of key issues/options

The November 2014 Internal Audit review recommended that the Framework be reviewed to:
- incorporate governance requirements for the risk register and the role of the Business Enterprise Risk Committee (BERC).
- include explicit links to Council's planning processes.
- align with AS/NZS 31000:2009 by including the application of the risk management principles, and incorporating emerging risk and project risk.
- include a risk management action plan.
- map all departments' specialised risk management functions to determine how they are linked and to incorporate their risk assessment tools into the Framework. (For example business continuity, emergency management, crisis management, project management, contract management, insurance, IT disaster recovery, stakeholder management, fraud control, climate adaptation, OH&S, compliance and event management).

The revised Framework addresses the recommendations made in the Internal Audit report.

5. Consultation/communication

The proposed revised Framework was reviewed and discussed at the May 2015 Audit Committee meeting. The committee provided a small number of suggestions for improvement to the draft document and were supportive of the document being presented to Council for consideration and adoption.

6. Financial and resource implications

No direct financial or resource implications. Planned initiatives contained within the proposed Framework are funded from departmental operating budgets.

7. Governance issues

Officers involved in the preparation of this report have no conflict of interest. The list of prescribed human rights contained in the Victorian Charter of Human Rights and Responsibilities has been reviewed in accordance with Council's Human Rights Compatibility Assessment Tool and it is considered that the proposed actions contained in this report present no breaches of, or infringements upon, those prescribed rights.

8. Social and environmental issues

No direct impacts arise from consideration of this policy.

9. Conclusion

The revised Framework reflects recommendations made in the November 2014 Internal Audit Report and provides guidance and structure to Council's risk management practices. The Framework highlights the role played by all Council departments in risk management and reinforces the importance of a risk focussed approach to management of Council's activities.

Manager: Chris Hurley, Commercial and Property Services
Report officer: Sasha Allan, Team Leader Risk Management

Risk Management Framework 2015
Draft

Responsible Directorate: Corporate Services
Authorised by: Council
Date of adoption: July 2015
Review date: May 2018
Revocation/sunset date: Nil
Policy type: Council

Table of contents

Terminology

Section One: Risk Management Framework Overview
- Introduction
- Risk Management Drivers
- Risk Management Standard
- Risk Management Principles
- Risk Management Mandate and Commitment
- Risk Management Framework Objectives
- Risk Management Integrated Design

Section Two: Risk Management Framework Key Elements
- Risk Culture
- Risk Governance and Accountability
- Risk Management Resources and Planning
- Risk Management Process
- Risk Assurance
- Interagency Risk Management

Section Three: Key Guidelines and Risk Tools
- Training and Education
- Monitor, Review and Improvement
- Risk Review and Register
- Risk Appetite
- Risk Likelihood Ratings
- Consequence Rating
- Calculate Risk Ratings
- Risk Reporting

Attachment 1: Integrated Risk Management Framework Risk Maturity Performance Indicators
Attachment 2: Risk Management Framework Action Plan
Attachment 3: Strategic Risks
Attachment 4: Risk Attestation Wording Template

Terminology

Risk management process: definitions

Consequence: The outcome of an event affecting organisational objectives.
Control: The measure that is modifying a risk.
Establishing the context: Defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria.
Event: The occurrence or change of a particular set of circumstances.
External context: The external environment in which the organisation seeks to achieve its objectives.
Internal context: The internal environment in which the organisation seeks to achieve its objectives.
Likelihood: The chance of a risk event occurring.
Monitoring: Continual checking, critically observing or determining status in order to identify change from the performance level required or expected.
Operational Risk: Operational risks are linked to the Business Plan objectives and take into consideration risks which will prevent Departments from delivering their annual business plans and ongoing services to the community.
Residual risk: The risk remaining after risk treatment.
Risk: The effect of uncertainty on objectives. An effect is a deviation from the expected and can be either positive or negative.
Risk analysis: The process to comprehend the nature of risk and to determine the level of risk.
Risk assessment: The overall process of risk identification, risk analysis and risk evaluation.
Risk attitude: The organisation's approach to assessing and eventually pursuing, retaining, taking or turning away from risk.
Risk criteria: The terms of reference against which the significance of a risk is evaluated.
Risk evaluation: The process of comparing the results of a risk analysis with the risk criteria to determine whether the risk and/or its magnitude are acceptable or tolerable.
Risk identification: The process of finding, recognising and describing risks.
Risk management: The coordinated activities to direct and control an organisation with requirements to manage risk.

Risk management process: definitions

Risk management framework: The set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.
Risk management plan: The scheme within the risk management framework that specifies the approach, the management components and the resources that are to be applied to the management of risk.
Risk management policy: The statement of overall intention and direction of an organisation related to risk management.
Risk management process: The systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk.
Risk owner: The person or entity with the accountability and authority to manage a risk.
Risk profile: The description of any set of risks.
Risk source: An element that, either alone or in combination, has the intrinsic potential to give rise to a risk.
Risk treatment: The process to modify risk.
Stakeholder: A person or organisation that can affect, be affected by or perceive themselves to be affected by a decision or activity.
Strategic Risk: Strategic risks are the risks that will prevent Council from meeting the objectives outlined in the Council Plan.

Reference: ISO 31000:2009 Risk management - Principles and guidelines, pp. 4-7

Section One: Risk Management Framework Overview

1.1 Introduction

This Risk Management Framework aims to support an integrated and effective approach to risk management incorporating and representing the organisation-wide approach to risk management.

This Framework provides guidance on the arrangements for designing, implementing, monitoring and continually improving risk management, and outlines the drivers, principles, objectives and risk process.

The Risk Management Plan is the work plan that is incorporated into the Risk Management Framework and specifies the approach, the risk management components and resources that are to be applied reflecting an integrated risk management approach.

Section 1: provides an outline of the risk management principles and how they apply to the organisation, the drivers of risk management, mandate and commitment, objectives, and summarises the design of the integrated Risk Management Framework.
Section 2: provides an overview and description of the Risk Management Framework features.
Section 3: provides the risk assessment process, guidelines and tools to support enterprise risk management practices and decision making.

This Risk Management Framework has been developed with input and review from the Executive Leadership Team, the Audit Committee, the Business Enterprise Risk Committee and was adopted by Council.

1.2 Risk Management Drivers

Risk management is integral to good governance and good management. In the Local Government context:

Key legislation drivers include:
- Local Government Act 1989
- Equal Opportunity Act 2010
- Planning and Environment Act 1987
- Public Health and Wellbeing Act 2008
- Occupational Health and Safety Act 2004
- Protected Disclosure Act 2012
- Charter of Human Rights & Responsibilities Act 2006
- Ombudsman Act 1973
- Privacy & Data Protection Act 2014

Key good governance drivers require Council and the administration to work towards:
- Accountability by reporting, explaining and being answerable for the consequences of decisions it has made on behalf of the community it represents.
- Transparency by providing avenues for people to follow and understand the decision making process.
- Following the rule of law by ensuring decisions are consistent with relevant legislation or common law and are within the powers of council.
- Responsiveness by servicing the needs of the entire community while balancing competing interests in a timely, appropriate and responsive manner.
- Equity and inclusion whereby members of the community feel their interests have been considered by Council in the decision-making process.
- Participation whereby community members have the opportunity to participate in the process of decision making.

Key external assurance drivers include:

Auditor-General: The Auditor-General is an independent officer of the Victorian Parliament, appointed to examine the management of resources within the public sector on behalf of Parliament and Victorians. The Victorian Auditor-General's Office audits public entities who receive government funding. There are two types of audits, financial and performance.
(a) Financial: A financial audit provides assurance that the financial statements of an entity present fairly the financial position, cash flows and results of operations for the year, in accordance with relevant financial reporting frameworks and standards.
(b) Performance: A performance audit assesses whether an agency is meeting its aims effectively, using its resources economically and efficiently, and complying with legislation.

Ombudsman Victoria: The Ombudsman is accountable to Parliament, rather than the government of the day, and can only be dismissed by Parliament. The Ombudsman investigates complaints about administrative actions and decisions taken by government authorities and about the conduct or behaviour of their staff. Complaints can be made to the Ombudsman by any member of the public which may need to be investigated or responded to by Council.

Key internal drivers include:
- Values (Integrity, collaboration, accountability, innovation and respect)
- Staff and Councillors Code of Conduct
- Audit Committee
- Internal audit program
- Business Enterprise Risk Committee (BERC)
- Frameworks (staff capability, accountability, planning)
- Standards
- Service delivery

[Figure: City of Boroondara Enterprise Risk Management Framework. Labels: Legislation, Governance, Assurance, Frameworks, Standards, Service; Our Regulation, Our mandate, Our structure, Our values, Our people, Our services]

1.3 Risk Management Standard

The risk management approach is aligned to the AS/NZS 31000:2009 Risk management - principles and guidelines (the Standard). This practice is driven by a set of principles and is supported by a risk management governance framework and a risk process methodology.

AS/NZ 31000: Risk Management Principles

The risk management principles which guide our risk management approach have been aligned to the Principles outlined in the Standard. They are:

1. Risk Management creates and protects value by contributing to the achievement of objectives and improving performance.
2. Risk Management is an integral part of organisational processes by not being a stand-alone activity and is an integral part of all organisational processes.
3. Risk Management is part of decision making by helping decision makers make informed choices and prioritise actions.
4. Risk Management explicitly addresses uncertainty by taking into account the nature of that uncertainty and how it can be addressed.
5. Risk Management is systematic, structured & timely and contributes to efficiency and consistency.
6. Risk Management is based on the best available information.
7. Risk Management is tailored and aligned with the organisation's external and internal context and risk profile.
8. Risk Management takes human and cultural factors into account by recognising people's capabilities and perceptions that can facilitate or hinder achievement of the organisation's objectives.
9. Risk Management is transparent and inclusive and involves stakeholders and decision makers in ensuring risk management remains relevant and up-to-date.
10. Risk Management is dynamic, iterative and responsive to change.
11. Risk Management facilitates continual improvement and enhancement of the organisation by developing and implementing strategies to improve risk maturity.

1.5 Risk Management Mandate and Commitment

Management, employees, volunteers and contractors are all responsible for the successful management of risk. The risk management function resides with the Corporate Services Directorate, Commercial and Property Services Department.

1.6 Risk Management Framework Objectives

The key objectives of the Risk Management Framework are to:
- Respond to the objectives of the Council Plan.
- Embed a commitment to the Risk Management Framework.
- Document accountability for the management and reporting of risks.
- Support a consistent risk management practice aligned to the Standard.

The focus for risk management maturity includes:
- Increasing the competency levels of staff in the management of risk.
- Developing a culture where risk assessment and management is a part of everyday practice.
- Providing accessible resources and information to staff.
- Continuing to embed risk management through the integration of techniques and processes within current systems and practices.
- Financing the recurrent insurable risk in the most efficient way.
- Improving the scope and type of management information available for the monitoring and review of risks.
- Training for staff.
- Management review and reporting.

An integrated Risk Management Framework has evolved and is built around six key elements. These elements are summarised in Section 1.7.

1.7 Risk Management Integrated Design

Building an integrated and effective Risk Management Framework takes commitment and resources. Our Framework is built around the elements identified as risk: culture, governance and accountability, resources and planning, process, assurance and interagency. A brief description of the six elements is outlined below:

(a) Risk Culture: Risk culture is a sub-set of the organisation's culture. The risk management behaviour of the people within Council can be described as the way things are done.
(b) Risk Governance and Accountability: Governance and Accountability is the approach taken for making decisions about risk and developing, supporting, and embedding the risk framework.
(c) Risk Management Resources and Planning: Resources is the allocation of human and financial resources to oversee risk and planning. It is the thinking and organising of activities that are required to implement an integrated Risk Management Framework.
(d) Risk Management Process: Refers to the process around managing all risks, including strategic, operational and emerging risks. This involves identifying, assessing and monitoring risks through Riskware, our software system.
(e) Risk Assurance: Risk assurance is making sure the internal controls are adequately supporting the management of risk and compliance with regulations.
(f) Interagency Risk Management: These are the risks which apply to Council and can affect another agency. In some cases the flow-on effects will require intervention strategies across multiple agencies. Council's organisational risk management planning processes take into account the potential effects of organisational risks and strategies on other areas or agencies.

Section Two: Risk Management Framework Key Elements

The purpose of this section of the Risk Management Framework is to provide an overview of the Framework's six key elements and how they apply to Council.

2.1 Risk Culture

Our organisational culture is the behaviours, values and beliefs that are shared by the people within the organisation. Risk culture is fundamental to supporting governance, stakeholder confidence, trust and compliance with relevant legal and regulatory requirements for improving the control environment, the operational effectiveness and efficiency and the identification of opportunities and threats.

Risk is implied within legislation, governance, service delivery, policy, planning, priority setting and risk criteria tools. The management of risk is the responsibility of all staff and this requirement is included in all position descriptions. Engagement surveys can be conducted which will inform us about our culture.

Key risk performance indicators are measures which support our transparent approach to maturing risk management. The risk management performance indicators which we are working towards are provided as Attachment

Risk Governance and Accountability

Our risk management accountability framework is aligned to our existing accountability requirements and summarised in Table 1.

Table 1: Risk Management Accountability Structure

Role: Council
Responsibilities: Council's responsibilities are to:
- Adopt a Risk Management Policy that complies with the requirements of AS/NZS ISO 31000:2009 and to review and amend the Policy in a timely manner and/or as required.
- Adopt the Risk Management Framework for the Council.
- Be satisfied that risks are identified, managed & controlled appropriately to achieve Council's Strategic Objectives.
- Appoint and resource the Audit Committee.
- Provide adequate budgetary provision for the financing of risk management including approved risk mitigation activities.
- Review Council's risk appetite.

Role: Chief Executive Officer
Responsibilities:
- The Chief Executive Officer is accountable for the implementation and maintenance of risk management policies and processes across the organisation.
- The CEO is responsible for ensuring that strategic risks are regularly reviewed.
- The Chief Executive Officer is responsible for raising awareness and leading the culture of managing risk responsibly across the organisation.

Role: Executive Leadership Team (ELT)
Responsibilities:
- Promote and champion a strong risk management culture by linking and embedding risk management, and maintaining organisational risk focus across Council.
- Manage and monitor the strategic risks.
- Ensure that an effective risk control environment is implemented and maintained.
- Ensure that risks are considered and integrated into corporate and business planning processes.
- Participate in the review and updating of the organisation's strategic risk profiles.
- Ensure that accountabilities for managing risks are clearly defined.

Role: Managers
Responsibilities:
- Managers are accountable for implementing the risk management practices in their area of responsibility. This includes ensuring that risks are identified, managed, reviewed and updated regularly.
- Ensure that assets and operations, together with liability risk to the community, are adequately protected through treatment plans and measures.
- Provide risk management related information as requested by their Directorate.
- Managers are responsible for raising awareness and leading the culture of managing risk responsibly across the organisation by ensuring that risk management policies, procedures, standards, guidelines and risk management treatment plans are implemented in everyday business practice.
- Advising of any risk management matter that should be included in forthcoming budgets.

Role: Team Leaders and Coordinators
Responsibilities:
- Are responsible for raising awareness and leading the culture of managing risk responsibly across the organisation by assisting with the implementation of risk management policies, procedures, standards, guidelines and risk treatment plans.

Role: Internal Auditor
Responsibilities: The internal auditor reviews operational and strategic risks annually as part of the development of the Three Year Strategic Internal Audit Plan. The Risk Management Framework directs the focus of audit resources to ensure higher level risks are reviewed. Risk controls and treatment plans are considered as part of each internal audit review. The Internal Auditor liaises with the Risk Management Team to share information and knowledge.

Role: Risk Management Team
Responsibilities: The Risk Management Team are responsible for overseeing the development, facilitation and implementation of a risk management culture and framework, including training and awareness across the organisation. They also provide advice to the organisation and are responsible for strategic overview.

Role: All staff
Responsibilities: All staff are responsible for applying risk management practices in their business activities. This involves:
- Systematically identifying, analysing, evaluating and treating risks.
- Maintaining awareness of current and potential risks that relate to areas of responsibility.
- Risk management practices and treatments are regularly reviewed and monitored.
- Risk management reporting is appropriately undertaken.
- Advice to Managers of any risk issues believed to require attention, such as property exposures for potential loss or damage and community risk.

Role: Business Enterprise Risk Committee (BERC)
Responsibilities: The purpose of the BERC is to monitor Council's approach to risk management as outlined in the scope and to provide advice and recommendations to the Executive Leadership Team.
Scope:
- To oversee the strategic direction of the Risk Management Framework in relation to non-OH&S-related risk management issues.
- Make recommendations in relation to risk policies and procedures.
- To review recommendations of JMAPP reports and MAV risk reviews/audits and identify appropriate actions.
- To monitor performance in the completion of new risk control plans and review of existing risk control plans.
- To monitor strategies for reducing risk in identified areas.
- To monitor and ensure the accuracy of the strategic risk register.
- Monitor and report to ELT regarding the implementation of the Risk Management Framework.
- Monitor Council's insurance portfolio and identify any potential exposures.
- Provide advice to management on the resolution of the organisation's high risk issues as identified.
- Assist in the resolution of issues referred to the Committee for consideration.
- Monitor Business Continuity Planning programs across Council.

Role: Audit Committee
Responsibilities: On behalf of Council, the purpose of Audit Committee is to oversee that Council carries out its responsibilities for accountable financial management, good corporate governance, fostering an ethical environment and maintains a system of internal control and risk management. They have been constituted to monitor and report on the systems and activities of Council in ensuring:
- Reliable financial reporting and management information.
- High standards of corporate governance.
- Appropriate application of accounting policies.
- Compliance with applicable laws and regulations.
- Effective monitoring and control of all identified risks.
- Effective and efficient internal and external audit functions.
- Measures to provide early warning of any issues affecting the organisation's financial well-being.
- The level and effectiveness of appropriate Crisis Management, Business Continuity and Disaster Recovery planning.
- Maintenance and fostering an ethical environment.

2.3 Risk Management Resources and Planning

Risk management resources and planning are embedded within existing processes and operate on a number of levels. A summary of our integrated approach to resources and planning is outlined below:

- Responsibility for risk management is outlined in our Risk Management Accountability Structure (Refer to Table 1).
- Risk management resources are embedded within all Departments across all functions.
- Leadership for specialist related risk areas is overseen by Departmental Managers. For example,
  o responsibility for overseeing business continuity management, insurance, the fraud control plan, procurement, and internal audit resides with Commercial and Property Services;
  o responsibility for overseeing business planning and finance accounting systems resides with Finance and Corporate Planning;
  o responsibility for overseeing the Occupational Health and Safety program resides with People, Culture and Development;
  o responsibility for overseeing risk matters relating to stakeholder engagement programs resides with Communications and Engagement;
  o responsibility for overseeing the Code of Conduct resides with Governance; and
  o responsibility for overseeing climate adaptation risks resides with Environment and Sustainable Living.
  o responsibility for Emergency Management procedures resides with Infrastructure Services and Health Aged and Disability Services (HAADS)
  o responsibility for major project risks resides with Projects and Strategy
  o responsibility for IT disaster recovery risks resides with Information Technology

[Figure: Risk Management. Labels: Infrastructure Services and HAADS oversee the Emergency Management Procedures; People, Culture & Development oversee OH&S risks; Governance oversee compliance and code of conduct; Information Technology oversee IT Disaster Recovery risks; Communications and Engagement oversee Stakeholder Engagement risks and Social Media risks; Commercial and Property Services oversee Fraud risks; Projects and Strategy oversee Project risks; Environment and Sustainable Living oversee Climate Adaptation risks]

20 Our approach to enterprise risk management is aligned to our strategic and business planning frameworks. Strategic risks are overseen by BERC and operational risks are identified and monitored as part of our annual business planning cycle. Our risk register is enabled by a licenced enterprise risk information system (Risk ware) Our maturity and performance can be measured against our integrated risk management performance indicators. Our continual improvement program is outlined in the risk management action plan. The risk management action plan requirements are reviewed annually. The risk management action plan is provided as Attachment Risk Management Process Risk is the effect of uncertainty on objectives. The risk management process takes into account risk from a number of perspectives: strategic, operational and emerging. Strategic risk Strategic risks are the risks that will prevent Council from meeting the objectives outlined in the Council Plan. Strategic risks should be few in number and are the critical risks for the organisation and considered in the same time horizon as the Council Plan. The Council Plan describes the vision and strategic objectives of the elected Council based on the following key themes: Strong and engaged communities; Sustainable environment; Enhanced amenity; Quality facilities and assets; and responsible management The strategic risks are annually reviewed by BERC and ELT. A summary of the strategic risks are provided as Attachment 3. Operational risk Operational risks are linked to the Business Plan objectives and take into consideration risks which will prevent Departments from delivering their annual business plans and ongoing services to the community. These risks are linked to the strategic risk profile. The Annual Plan details the actions that will be undertaken in support of the Council Plan objectives. It details how the strategic objectives will be delivered. 
Each Department is required to undertake a risk assessment in accordance with this Framework to determine the risks in meeting its delegated statutory obligations and stated objectives. This process is incorporated into the business planning process.

Emerging risk

Emerging risks are newly developing or changing risks and are therefore, by their nature, difficult to identify and evaluate. Characteristics of emerging risks commonly include a high level of uncertainty, a lack of consensus, difficulty in communicating them and difficulty in assigning ownership; they are often systemic or business practice issues. The BERC has a standing agenda item to review emerging risks as part of its quarterly meeting cycle. As required, emerging risks will be escalated to ELT for discussion.

2.5 Risk Assurance

The risk management validation and assurance program operates on a number of levels, from management reviews to internal and external reviews.

Management reviews: These reviews are initiated by management to inform and to provide advice to management about the organisation.

Audit services: The internal audit program is overseen by the Commercial & Property Services Department. The internal audit plan is developed with consideration to the strategic and operational business risk profile. The internal audit program is designed as a rolling three year plan based on risk, against which Internal Audit is to prepare audit reports for the Audit Committee's consideration. These audit reports are also to include, where applicable, management responses, accountabilities and timelines for corrective actions. This plan shall detail the nature and timing of reports to be presented to the Audit Committee and to Council and will reflect the priorities and functions of the Audit Committee as detailed in its Charter.

External reviews: These reviews are conducted by an agency external to Council. Typically the agencies which currently conduct independent reviews are the Victorian Auditor-General's Office and Ombudsman Victoria. A brief overview of the role of their offices is provided below.

Victorian Auditor-General's Office: The Auditor-General is an independent officer of the Victorian Parliament, appointed under legislation to examine, on behalf of Parliament and the Victorian taxpayers, the management of resources within the public sector. The independence of the Auditor-General is enshrined in Victoria's Constitution Act. This aims to ensure that findings that arise from financial statements and performance audits are communicated to Parliament. The Audit Act 1994 is the main legislation governing the powers and functions of the Auditor-General. The Council is subject to financial and performance audit reviews. The Commercial & Property Services Department is the conduit between the Victorian Auditor-General's Office.
Ombudsman Victoria reviews: The Ombudsman is an officer of the Victorian Parliament and has the power to investigate decisions, actions and conduct of Victorian government departments and statutory bodies and employees of local government (councils). The Ombudsman investigates complaints about administrative actions and decisions taken by government authorities and about the conduct or behaviour of their staff.

Cultural Survey: People, Culture and Development conduct biennial whole of staff engagement surveys that will be utilised to measure and test staff's perception of Council's risk management culture. The results are reported to the Executive Leadership Team and, where appropriate, incorporated into an action plan.

Attestation requirements: A risk attestation process has been established requiring Managers and Directors to attest that critical risks are reviewed annually and internal control systems are robust. The risk attestation process is consistent with State Government and public companies. The Directors and Managers will attest to the CEO that their risk management approach is aligned to the Risk Management Framework and an internal control system is in place that enables Managers and Directors to understand, manage and satisfactorily control risk exposures. The risk attestation statement is provided as Attachment

Interagency Risk Management

Interagency risks are the risks which apply to Council and can affect another agency. In some cases the flow-on effects will require intervention strategies across multiple agencies. Council's organisational risk management planning processes take into account the potential effects of organisational risks and strategies on other areas or agencies. Where interagency risks have been identified, there are appropriate consultation and communication channels to relevant agencies.
Section Three: Key Guidelines and Risk Tools

The process of risk management involves risk identification, risk analysis, evaluation of risk treatment options and implementation of the appropriate treatment options. There are a number of steps within this process. The basic risk management process methodology follows the AS/NZS ISO 31000:2009 risk management approach as per the diagram below:

A key output from the risk management process is the risk assessment. The risk management process must incorporate a defined methodology for completing a risk assessment. The table below outlines the risk process:

Communication and Consultation

Step 1: Establish the Context: Organisation's objectives; Set scope for risk criteria
Step 2: Identify Risks: What can happen? When, Where? How and Why?
Step 3: Analyse Risks: Identify existing controls; Determine level of risk
Step 4: Evaluate Risks: Compare against criteria; Set priorities
Step 5: Treat Risks: Identify options; Assess options; Develop treatment plans; Assess the cost implications
Step 6: Monitor and Review: Inspections, Reports, Evaluations, Audit

3.1 Training and Education

Risk management training and awareness is recognised as an important requirement for all staff and a training schedule has been developed. The training is designed to increase the knowledge and awareness of staff and management in a number of risk management topics including general risk management, liability, fraud awareness, environment, events and Business Continuity. In addition to formal training, the Risk Management Team act as specialist advisors to staff. This includes help with identifying and assessing risk exposures and the steps in developing, implementing and monitoring sustainable control measures.

3.2 Monitor, Review and Improvement

A continual process of monitoring, review and improvement of all components of the Risk Management Framework is required to ensure an effective and up-to-date Framework. Monitoring the Framework involves inspections, reports, self-assessments or audits to assess whether objectives of the Framework components are being achieved. Reviewing the Framework involves assessing whether various components of the Framework still match the risk profile. This assessment may involve the review of policies, strategies and processes.

3.3 Risk Review and Register

Risks are identified and mitigated at all levels of the organisation using a top down and bottom up assessment process. The Risk Register is a database that allows Managers and Directors to register and monitor risks associated with business operations. Coordinators and Team Leaders have the delegated responsibility to review and monitor risks as determined by their Manager. These risks may be linked to various plans or projects/council works or events. Risks need to be regularly reviewed according to their risk rating. Review dates for risks need to be realistic and linked to those accountable. The review schedule for the different levels of risk is shown below.
Level of risk | Review
Low | Yearly
Medium | Half yearly
High | Quarterly
Extreme | Monthly

3.4 Risk Appetite

Risk appetite refers to the risk exposures that are or are not tolerated. The consequence table and risk matrix below determine how the risk is rated. The rating then determines the tolerance level of that risk. This is referred to as risk appetite. The table below outlines the risk tolerance level and risk escalation expectations and reporting requirements.

Extreme | Needs Active Management | A risk treatment plan must be established and implemented.
High | Needs Regular Monitoring | A treatment process should be adopted, primarily focused on paying close attention to the maintenance of excellent/good controls.
Moderate | Needs Periodic Monitoring | A treatment process should be adopted, primarily focused on monitoring risks in conjunction with a review of existing control procedures.
Low | No Major Concerns | Significant management effort should not be directed towards the risk in this section of the risk matrix.

The residual rating for a particular risk is based on its potential impact and the likelihood of the risk event given the quality of the control process designed to reduce the likelihood and impact.

Likelihood \ Consequence | Negligible | Minor | Moderate | Major | Catastrophic
Almost Certain | Moderate | High | High | Extreme | Extreme
Likely | Moderate | Moderate | High | High | Extreme
Possible | Low | Moderate | High | High | High
Unlikely | Low | Low | Moderate | Moderate | High
Rare | Low | Low | Moderate | Moderate | High

After the risk rating has been determined, the business area must assess what treatment, if any, will be applied to those risks. Each treatment plan must be assessed to determine if the cost of implementing the plan outweighs the derived benefit. However, there will be situations where, due to legal or social reasons, the cost will not be a factor in the treatment plan, and this will usually be the case when there is a rare or severe risk.

3.5 Risk Likelihood Ratings

Some events happen once in a lifetime. Others can happen almost every day. Analysing risks requires an assessment of the frequency of occurrence. The following table provides broad descriptions used to support likelihood ratings. The occurrence should be considered, initially, without reference to known management/mitigating practices.

Likelihood Rating Definition table

Rating | Definition | Anticipated Frequency
ALMOST CERTAIN | Event is expected to occur in most circumstances. Event is imminent for specific item. | In the order of 100 times a year
LIKELY | Event will probably occur in most circumstances. | In the order of 10 times per year
POSSIBLE | Event might occur at some time. | Annually
UNLIKELY | Event could occur at some time. | Once in every 10 years
RARE | Event may occur only in exceptional circumstances. | Once in 100 years

AS/NZS ISO 31000/2009

3.6 Consequence Rating

Consequences can be described in a number of ways and determine an organisation's risk appetite. Each consequence can be rated in terms of its severity from minor to catastrophic. The following table provides descriptions for levels of consequence.

CATASTROPHIC
Injury (staff or public): Death/s
Financial loss: Significant financial loss (e.g. > $5 Million)
Environmental impact: Toxic release off site with long term effects. Substantial / long term damage to flora / fauna, soil / water
Reputation: Very high customer sensitivity and irreparable damage to Council name. National/international media coverage
Legislation & regulations: Total failure to meet relevant legislation and regulations leading to dismissal of Council.
Strategic: Selection of a strategic direction that negatively impacts on the future of Council.

MAJOR
Injury (staff or public): Serious injury to one or more persons resulting in a permanent disability
Financial loss: Major financial loss (e.g. >$1M - $5M)
Environmental impact: Off-site release with no long term effects. Limited damage to flora / fauna, soil / water
Reputation: Significant customer sensitivity and damage to Council name. Statewide media coverage
Legislation & regulations: Failure to meet relevant legislation and regulations resulting in material fines, penalties and restrictions on Council operations due to regulatory noncompliance. Senior employees charged for breaches/fraud.
Strategic: Selection of a strategic direction which requires significant resources, both monitoring and time to correct, impacting a part of Council

MODERATE
Injury (staff or public): Injury requiring hospitalisation to one or more persons
Financial loss: High financial loss (e.g. >$50,000 - $1M)
Environmental impact: On site release contained with outside assistance. No damage to flora / fauna and short term effects on soil, water and air
Reputation: Moderate customer sensitivity and damage to Council name impacting noticeably on business activities. Significant local community coverage
Legislation & regulations: Activity does not meet all of the requirements of relevant Australian Standards, exposing Council to possible litigation risks.
Strategic: Selection of a strategic direction which impacts on smaller parts of Council and will require considerable resources to correct

MINOR
Injury (staff or public): Minor injury requiring first aid only
Financial loss: Medium financial loss (e.g. >$10,000 - $50,000)
Environmental impact: On site release contained immediately
Reputation: Minimal customer sensitivity and damage to Council name. Limited local community coverage
Legislation & regulations: Activity does not follow relevant established Industry / Victorian / Australian guidelines
Strategic: Minimal impact on strategic / operational objectives

INSIGNIFICANT
Injury (staff or public): Injury requiring no medical treatment
Financial loss: Low financial loss (e.g. < $10,000)
Environmental impact: Minor leak, noncontaminating
Reputation: No impact on reputation of Council. No media coverage
Legislation & regulations: No regulatory impact
Strategic: Consequences are dealt with by routine operations

3.8 Calculate Risk Ratings

Risk Rating Process

The process for calculating a risk rating is:
1. Identify appropriate consequence rating (refer Consequence Definition Table)
2. Identify appropriate likelihood rating (refer Likelihood Definition Table)
3. Ascertain risk rating by cross referencing the consequence and likelihood ratings (refer Risk Matrix).

The table below identifies the definition and outcomes for the risk ratings. These outcomes are to be considered when developing Risk Control Plans.

RISK RATING OUTCOMES TABLE

EXTREME (E) | Extreme risk is unacceptable. Comprehensive consideration by ELT required to ensure that the risk remaining is consistent with corporate objectives and risk appetite. If not, detailed research and planning is required to mitigate risk.
HIGH (H) | Attention required to assess the acceptability of remaining risk or required mitigation measures. Management need to ensure that necessary mitigation actions are carried out and the risk does not increase by actively monitoring any changes to the control environment, consequence and likelihood.
MODERATE (M) | Management/team leaders to ensure that the control environment, consequence and likelihood do not substantially change. Consider the implementation of any additional cost effective controls.
LOW (L) | Manage by routine procedures and be mindful of changes to nature of risks. Consider the implementation of any cost effective internal controls.

3.9 Risk Reporting

There is a structured approach to risk reporting. The matrix below details which information will be reported throughout the organisation together with the reporting frequency. The Risk Management Team is responsible for reporting to Senior Management on all risks that are due for review and current risk trends. Managers and Directors are responsible for reporting on risks that are due for review within each Quarter. Reporting will be on a rotational basis dependent on the risk rating schedule as per the table at 3.3.

Risk Management Team

Summary of risk information | Audit Committee | Executive Group | Director | Department Manager
Strategic risks | Yearly | Quarterly (dependent on risk rating) | Quarterly | Quarterly
Operational risks | Only extreme risks to be reported yearly | Half-yearly | Quarterly | Quarterly
Risk trends | Yearly | Half-yearly | Half-yearly | Quarterly

Managers and Directors

Summary of risk information | Audit Committee | Executive Group | Director
Strategic risks | Yearly | Quarterly | Quarterly
Operational risks | Only extreme risks to be reported on yearly | Half yearly | Quarterly

A summary of the risk reporting parameters includes the following:

Strategic risks: All strategic risks as required by their risk ratings in the risk register, specifically the risk control/treatment plans for each of these risks. Status updates on the implementation of risk control/treatment plans provide important information on the implementation of risk mitigation strategies.

Operational risks: the extreme risks as per the residual risk ratings in the risk register. Risk owners will provide treatment plans for the mitigation of these risks.

Risk trends: trend analysis to assist in identifying emerging risks and those increasing in risk frequency, which may be indicative of systematic flaws in risk control strategies.

Date approved:
Accountable officer: Chris Hurley, Manager Commercial and Property Services
Responsible officer: Sasha Allan, Team Leader Risk Management
Endorsed by: Marilyn Kearney, Director Corporate Services
Approved by: Chief Executive Officer
Next review: May 2018

Attachments

Attachment 1: Integrated Risk Management Framework Risk Maturity Performance Indicators
Attachment 2: Risk Management Framework Action Plan
Attachment 3: Strategic Risks
Attachment 4: Risk Attestation Wording Template

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk. POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Council policy Approved Manager Organisational Development Risk Management Committee Council DATE ADOPTED:

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK RISK MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational Development

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Victorian Government Risk Management Framework. March 2015

Victorian Government Risk Management Framework. March 2015 Victorian Government Risk Management Framework March 2015 This document reproduces parts of the AS/NZS ISO 31000:2099 Risk Management Principles and Guidelines. Permission has been granted by SAI Global

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Policy and Procedure Statement

Policy and Procedure Statement Policy and Procedure Statement SUBJECT: Enterprise Risk CATEGORY: General Administration NO. 502-G PREAMBLE Risk exists in all activities and cannot be avoided, nor can it always be eliminated. However,

More information

Risk Management Framework

Risk Management Framework Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

Risk Management. Policy

Risk Management. Policy Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY 1. Purpose The purpose of the Risk Management Policy is to embed risk management as part of the culture of AFTRS where a shared understanding of risk leads to well-informed decision

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

4 Adoption of Asset Management Policy and Strategy

4 Adoption of Asset Management Policy and Strategy 4 Adoption of Asset Management Policy and Strategy Abstract The report recommends the adoption of an updated Asset Management Policy 2014 and an Asset Management Strategy 2014-2019. Both documents are

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY 1. POLICY STATEMENT Having regard to AS/NZS ISO 31000 Risk Management, it shall be the Policy of SRW to manage risk to protect public safety, quality

More information

Risk Management Policy

Risk Management Policy Risk Management Policy DOCUMENT CONTROL Developed by: Date: Origination: Quality, Systems & Shared s March 2014 Authorised by: Colette Kelleher April 2014 DOCUMENT REVIEW HISTORY Original Circulation date:

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

Managing Risk in Procurement Guideline

Managing Risk in Procurement Guideline Guideline DECD 14/10038 Managing Risk in Procurement Guideline Summary The Managing Risk in Procurement Guideline assists in the identification and minimisation of risks involved in the acquisition of

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Risk Management Strategy 2012-2014

Risk Management Strategy 2012-2014 Management Strategy 2012-2014 Mission: To support and develop a sustainable, thriving and resilient community through leadership and partnerships NOTE: This Document should be read in conjunction with

More information

RISK MANAGEMENT STRATEGY AND FRAMEWORK

RISK MANAGEMENT STRATEGY AND FRAMEWORK Uniting Church in Australia Synod of Victoria and Tasmania RISK MANAGEMENT STRATEGY AND FRAMEWORK Prepared by: Synod Risk Management Committee Date Prepared and Issued: February 2010 S:\AdminFinance\EDAF\Risk

More information

The University of Adelaide RISK MANAGEMENT HANDBOOK

The University of Adelaide RISK MANAGEMENT HANDBOOK The University of Adelaide RISK MANAGEMENT HANDBOOK CONTENTS PART A: Introduction 2 1. Risk Management Standard 3 2. Risk management - in general 4 3. Risk management - in the University context 5 PART

More information

Risk Management and Risk Assessment Policy

Risk Management and Risk Assessment Policy SharePoint Location Non-clinical Policies and Guidelines SharePoint Index Directory 3.0 Corporate Sub Area 3.1 Risk and Health & Safety Documents Key words (for search purposes) Risk, Risk Management,

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

Department of Infrastructure and Planning: Governance Framework for Infrastructure Delivery Special Purpose Vehicles

Department of Infrastructure and Planning: Governance Framework for Infrastructure Delivery Special Purpose Vehicles Department of Infrastructure and Planning: Governance Framework for Infrastructure Delivery Special Purpose Vehicles Governance Framework for Special Purpose Vehicles Table of Contents Executive Summary...3

RISK MANAGEMENT STRATEGY 2013-2016

RISK MANAGEMENT STRATEGY 2013-2016 RISK MANAGEMENT STRATEGY 2013-2016 As presented and endorsed by the Mornington Peninsula Shire s Audit Committee at its meeting of 20 February, 2013 and subsequent adoption by Council at its meeting of

SAI GLOBAL LIMITED Risk Management Policy

SAI GLOBAL LIMITED Risk Management Policy SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...

Shepway District Council Risk Management Policy

Shepway District Council Risk Management Policy Shepway District Council Risk Management Policy Contents Section 1 Risk Management Policy... 3 1. Updates and amendments... 3 2. Definition... 3 3. Policy statement... 3 4. Objectives... 3 Section 2 Risk

Better Practice Guide

Better Practice Guide Better Practice Guide June 2008 Risk Management COMCOVER Commonwealth of Australia 2008 ISBN 1 921182 78 4 print ISBN 1 921182 79 2 online Department of Finance and Deregulation This work is copyright.

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

CORPORATE PERFORMANCE MANAGEMENT GUIDELINE

CORPORATE PERFORMANCE MANAGEMENT GUIDELINE -001 CORPORATE PERFORMANCE MANAGEMENT GUIDELINE -001 TABLE OF CONTENTS 1 Introduction... 3 1.1 Scope... 3 1.2 Purpose... 3 2 Performance Management Framework Overview... 4 3 Performance Management Framework...

Corporate Health and Safety Policy

Corporate Health and Safety Policy Corporate Health and Safety Policy November 2013 Ref: HSP/V01/13 EALING COUNCIL Table of Contents PART 1: POLICY STATEMENT... 3 PART 2: ORGANISATION... 4 2.1 THE COUNCIL:... 4 2.2 ALLOCATION OF RESPONSIBILITY...

Policy (Board Approved)

Policy (Board Approved) Policy (Board Approved) Compliance and Regulatory Management Document Number GOV-POL-20 1.0 Policy Statement Stanwell Corporation Limited (Stanwell) is a Queensland company Government Owned corporation.

Risk Management Policy

Risk Management Policy Risk Management Policy Effective from 4 July 2015 Version Number: 2.1 Author: Director of Planning Planning Directorate Document Control Information Status and reason for development Revised updating the

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

Core Infrastructure Risk Management Plan

Core Infrastructure Risk Management Plan SHIRE OF MOUNT MAGNET Roads and Buildings Core Infrastructure Risk Management Plan Version 1 May 2013 AM4SRRC Document Control Asset Management for Small, Rural or Remote Communities Document ID: 59_280_110211

INTERNAL AUDIT FRAMEWORK

INTERNAL AUDIT FRAMEWORK INTERNAL AUDIT FRAMEWORK April 2007 Contents 1. Introduction... 3 2. Internal Audit Definition... 4 3. Structure... 5 3.1. Roles, Responsibilities and Accountabilities... 5 3.2. Authority... 11 3.3. Composition...

CORPORATE GOVERNANCE FRAMEWORK

CORPORATE GOVERNANCE FRAMEWORK CORPORATE GOVERNANCE FRAMEWORK TABLE OF CONTENTS 1 INTRODUCTION 3 2 PURPOSE 3 3 SCOPE 3 4 GOVERNANCE PRINCIPLES 3 4.1 THREE LINES OF DEFENCE 4 4.2 COMBINED ASSURANCE 4 4.3 FIT AND PROPER REQUIREMENTS FOR

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015 FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

Government Owned Corporations. Corporate Governance Guidelines for Government Owned Corporations

Government Owned Corporations. Corporate Governance Guidelines for Government Owned Corporations Government Owned Corporations Corporate Governance Guidelines for Government Owned Corporations Version 2.0 The State of Queensland (Queensland Treasury) The Queensland Government supports and encourages

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES

ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES December 2015 NLC Enterprise Risk Management Guidelines Contents INTRODUCTION... 3 1. Enterprise Risk Management Principles... 5 2. The

Risk Management Framework

Risk Management Framework Risk Management Framework Category or Type Originally approved by, and date Administration and Management Vice Chancellor at VCAG on December 2008 Last approved revision October 2011 Sponsor Chief Operating

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

Discipline: Technical Services Category: Procedure. Risk Management RM-01 2013. Applicability. ARTC Network Wide. Interstate Network.

Discipline: Technical Services Category: Procedure. Risk Management RM-01 2013. Applicability. ARTC Network Wide. Interstate Network. Discipline: Technical Services Category: Procedure Risk Management RM-01 2013 Applicability ARTC Network Wide Interstate Network Hunter Valley Document Status Version Prepared by Reviewed by Endorsed Approved

Version: 3.0. Effective From: 19/06/2014

Version: 3.0. Effective From: 19/06/2014 Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

Capital Adequacy: Advanced Measurement Approaches to Operational Risk Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper august09 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper Preface Corporate governance - which refers broadly to the processes

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14 For North Simcoe Muskoka LHIN Health Service Providers Table of Contents Purpose of this document... 2 Introduction... 3 What is Risk?... 4 What

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

Performance audit report. Ministry of Education: Monitoring and supporting school boards of trustees

Performance audit report. Ministry of Education: Monitoring and supporting school boards of trustees Performance audit report Ministry of Education: Monitoring and supporting school boards of trustees Office of the Auditor-General Private Box 3928, Wellington 6140 Telephone: (04) 917 1500 Facsimile: (04)

WFP ENTERPRISE RISK MANAGEMENT POLICY

WFP ENTERPRISE RISK MANAGEMENT POLICY WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY Tablelands Regional Council ENTERPRISE RISK MANAGEMENT POLICY Draft Final Policy No: PD 3.3.1 File ref: PD 3.3.1 Policy Section: INSURANCE AND RISK MANAGEMENT Version: 1 Date Adopted: 7 July 2010 Review

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles Application of Corporate Governance Principles Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have been applied

South Oxfordshire District Council and Vale of White Horse District Council Risk Management Strategy

South Oxfordshire District Council and Vale of White Horse District Council Risk Management Strategy 2013 2016 South Oxfordshire District Council and Vale of White Horse District Council Risk Management Strategy 2013-2016 1 1 Context 3 SCOPE 3 WHAT IS RISK MANAGEMENT? 3 LOCAL AND NATIONAL DRIVERS 3 Business

Position Description

Position Description Position Description POSITION TITLE Risk and Compliance Coordinator POSITION NO 500024 DIRECTORATE DEPARTMENT UNIT REPORTS TO Corporate Services Organisational Development Risk and Compliance Manager Organisational

Risk Management Framework

Risk Management Framework Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:

SCHEDULE 3 Generalist Claims 2015

SCHEDULE 3 Generalist Claims 2015 SCHEDULE 3 Generalist Claims 2015 Nominal Insurer And Schedule 3 (Claims) Page: 1 of 23 Contents Overview... 3 1. Scope of Services... 4 1.1 Claims Services... 4 1.2 Claims Process... 5 1.3 Assessment

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 Version 1.0 October 2013 Not protectively marked INDEX PAGE NO TITLE 3 Executive Summary 4 Our Shared Vision and Priorities 5 Outline of the Risk and

Financial Management Framework >> Overview Diagram

Financial Management Framework >> Overview Diagram June 2012 The State of Queensland (Queensland Treasury) June 2012 Except where otherwise noted you are free to copy, communicate and adapt this work, as long as you attribute the authors. This document

Board Charter. May 2014

Board Charter. May 2014 May 2014 Document History and Version Control Document History Document Title: Board Charter Document Type: Charter Owner: Board [Company Secretary] Description of content: Corporate Governance practices

Operations. Group Standard. Business Operations process forms the core of all our business activities

Operations. Group Standard. Business Operations process forms the core of all our business activities Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations

Risk Management. Group Standard

Risk Management. Group Standard Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management

Bedford Group of Drainage Boards

Bedford Group of Drainage Boards Bedford Group of Drainage Boards Risk Management Strategy Risk Management Policy January 2010 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

Aegon Global Compliance

Aegon Global Compliance Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02) 8270 2218

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02) 8270 2218 Copyright in the material is owned by the State of New South Wales. Apart from any use as permitted under the Copyright Act 1968 and/or as explicitly permitted below, all other rights are reserved. You

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

Title: OHS Risk Management Procedure

Title: OHS Risk Management Procedure Issue Date: July 2011 Review Date: July 2013 Page Number: 1 of 9 1. Purpose: To outline the methodology by which Department of Education and Early Childhood Development (DEECD) identifies, assesses, controls

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

Code of Corporate Governance. Appendix 22 INTRODUCTION

Code of Corporate Governance. Appendix 22 INTRODUCTION Appendix 22 INTRODUCTION Corporate governance is a phrase used to describe how organisations direct and control what they do. For local authorities this also includes how a council relates to the communities

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014 An Introduction to Risk Management For Event Holders in Western Australia May 2014 Tourism Western Australia Level 9, 2 Mill Street PERTH WA 6000 GPO Box X2261 PERTH WA 6847 Tel: +61 8 9262 1700 Fax: +61

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC Annex 1 TITLE VERSION Version 2 Risk Management Strategy and Policy SUMMARY The policy provides the framework for the management and control of risk within the GOC DATE CREATED January 2013 REVIEW DATE

Audit, Risk Management and Compliance Committee Charter

Audit, Risk Management and Compliance Committee Charter Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers Appendix 1 RISK MANAGEMENT POLICY AND STRATEGY Document Status: Draft Originator: A Struthers Updated: A Struthers Owner: Executive Director Corporate Services Version: 01.01.03 Date: 30/3/14 Approved

Page 1 of 24. To present the Asset Management Policy 2014 for Council adoption.

Page 1 of 24. To present the Asset Management Policy 2014 for Council adoption. Page 1 of 24 COMMUNITY AND SERVICES SPECIAL COMMITTEE REPORT 9 DECEMBER 2104 AGENDA ITEM 6.1 ASSET MANAGEMENT POLICY 2014 REVIEW Director: Manager: Ian Butterworth Director Infrastructure and Engineering

State Records Guideline No 25. Managing Information Risk

State Records Guideline No 25. Managing Information Risk State Records Guideline No 25 Managing Information Risk Table of Contents 1 Introduction... 4 1.1 Purpose... 4 1.2 Authority... 4 2 Risk Management and Information... 5 2.1 Overview... 5 2.2 Risk management...
