CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

Transcription

1 CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO Risk Management Principles and Guidelines 2. Plicy Statement This plicy A. supprts Enterprise Risk Management as a crucial prcess t assist in the reductin f current and future risks that impact n the peratins f the Casswary Cast Reginal Cuncil, and best utilises pprtunities that are identified; and B. intended t demnstrate that Cuncil understands and manages risk, whilst seeking t ensure that there is cnsistency t the methds used in assessing, mnitring and cmmunicating risks acrss the rganisatin. 3. Objectives The main bjective is t develp and maintain a prgram where strategic, peratinal and prject risks are managed t ensure that the cmmunity and the cuncil are prtected against lss by adding clarity and cnfidence t decisin making. This will place cuncil in a psitin t capitalise n pprtunities by prviding a better understanding f the implicatins f decisin-making ver the lng term. The enterprise risk management system is designed t Build an rganisatinal culture that values risk management Cmpliments and strengthens the crprate and peratinal planning prcess Links with cuncils wrkplace health and safety management plan Incrprates cmmunicatin, training and awareness f risk management prcesses Underpins and integrates risk management within decisin-making f Cuncil Facilitates the auditing f risk management cntrl prcesses. 4. Principles Cuncil s risk management prcesses are based arund the fllwing key risk activities Reprt risk management activities and risk specific infrmatin in accrdance with the risk prtcls. Reprts t Cuncil n all Cuncil prjects will include a risk prfile as part f the business r prject plan. Decisin making at Cuncil will be risk based. Cuncil will ensure that risk management becmes part f day-t-day management.

2 All strategic, peratinal and prject risks will be identified and rated using Cuncil s enterprise wide risk management framewrk. Cuncil will ensure that all staff receive the necessary training and supprt they required t ensure a full understanding f the imprtance f risk management t the rganisatin. Staff will be prvided with the plicies and prcedures necessary t manage risks. Staff are t be made aware f risks and hw t manage them. The strategic risk prfile will be mnitred and a cntinuus imprvement apprach t risk management will be maintained. 5. Scpe Sme f the key drivers fr risk management include sund gvernance, legislative framewrks, decisin making, envirnmental sustainability and financial sustainability. It applies t all Cuncil peratins and business units. Risk management will be Integrated int crprate, peratinal and prject planning Used as a critical business tl in decisin making Used as a critical part f prject management 6. Rles and Respnsibility Cuncil Grup Rle Respnsibilities Prvides versight and review Respnsible fr utilising and supprting gd risk management principles t guide decisin making, and shuld include a cnsideratin f ptential risks and pprtunities in a brader cntext f cuncil s as well as the cmmunity s pririties. Review reprts Cmmunicate risk infrmatin issues back t the rganisatin Chief Executive Officer Drives culture f risk mitigatin. Supprts ERM implementatin prcess Has the verall respnsibility fr develping risk management systems, plicies and prcedures and reprting n the identificatin, assessment and management f risks as well as the status and effectiveness f risk treatments. Review reprts Clsely mnitr extreme risks

3 Grup Rle Respnsibilities Audit Cmmittee Reviews risk status, endrses risk strategy, plicy Review reprts Cmmunicate risk infrmatin issues back t the rganisatin Cmmunicate key risk issues t the Cuncil Internal Audit Assists in ensuring cuncil's crprate gal f "Respnsible Gvernance" is achieved. The Internal Audit team is respnsible t the Chief Executive Officer and cuncil's Audit Cmmittee and is independent f ther fficers and departments within cuncil. Internal Audit specifically Undertakes assurance services in accrdance with internatinal standards. Assurance services include peratinal, financial and cmpliance assurance, invlving all f cuncil and cvering regulatry requirements, plicy and prcedures, efficiency and effectiveness f prcesses and peratinal perfrmance t assist cuncil in the management f risk. Cnduct an internal audit review f ERM as required. Enterprise Risk Management Cmmittee Drive and mnitr the ERM prcess n an nging basis. Further develpment f the ERM Framewrk, guidelines and plicies required fr the nging implementatin and management f the ERM prcess thrugh cuncil. Mderatin f new risk registers as required. Implementatin f Prject Risk Registers Integratin and review f Business Cntinuity and Disaster Management int ERM Prcess. Facilitate the ERM Review and Audit prcess acrss Cuncil. Directrs Supprt risk culture, manage & identify risks Are respnsible fr implementing risk management systems, plicies and prcedures, maintaining up-t-date registers, and reprting against risks as required. Review reprts Cmmunicate key risk issues t the Audit and Risk Cmmittees Build capacity fr the Management f risks Risk Owner Mst senir staff member within a Prgram area with the apprpriate knwledge and skills - 1. Managers 2. Supervisrs 3. Crdinatrs Respnsible Officer Mnitr and review risks they wn Mnitr and review risks they wn/and r effect them. Mnitr, reprt and update. Each identified risk must be assigned t the persn, rle, team, unit r agency best able t manage it in terms f their respnsibilities and assciated risk type - Crprate, Operatinal r Prject. They must have the verall respnsibility and authrity fr managing the risk. Will be held accuntable fr the management f risks within their areas f respnsibility as determined under any risk treatment plans. Review reprts Cmmunicate key risk issue t respective Directr Prvide an pprtunity fr all staff t discuss risk n a regular basis (Standing Item - Staff meetings). Is respnsible fr mnitring a particular risk and reprting any changes that affect the pssible likelihd r cnsequences f that risk t the Risk Owner fr pssible review. Updating risk register t reflect review utcmes nce apprved.

4 Grup Rle Respnsibilities All staff Cmply with risk prcedures. All emplyees are respnsible fr applying risk management practices in their area f wrk and ensuring Casswary Cast Reginal Cuncil management are aware f risks assciated with cuncil s peratins. Mnitr and review the risks which they are respnsible fr as per specified review time-frames. Advise Managers, Supervisr r Crdinatr if risk treatment plans (cntrls r actins) are n lnger effective r targets fr implementatin are nt being met. and discuss with wrk teams, supervisr, crdinatr r manager at staff meetings. Ensure apprvals sught prir t amendment f risk ratings r treatment plans. Risk Crdinatr (Crprate Gvernance Crdinatr) Crdinatr the nging implementatin f ERM Is respnsible fr maintaining up-t-date risk management guidelines and ensuring apprpriate training is prvided n request. Prvide regular ERM Reprts t the Audit Cmmittee and EMT. Liaise with external stakehlders n ERM implementatin. Ensure Preparatin f reprts in a timely manner; Gather risk infrmatin frm the relevant rganisatinal staff Ensure risk database and paperwrk fully up-t-date Prvide risk infrmatin t thse that request it Mnitr, assist, review and audit all prgrams within the rganisatin n an nging basis t ensure review timelines are being met and treatment plans remain effective. 7. Definitins Cuncil Casswary Cast Reginal Cuncil Risk A risk t the business is any actin r event that has an effect f uncertainty n bjectives. Risk als arises as much frm the pssibility that pprtunities will nt be realised as it des frm the pssibility that threats will materialise r that errrs will be made. Risk Management - Risk management fr Cuncil refers t the culture, prcesses and structures develped t effectively manage ptential pprtunities and adverse effects fr any activity, functin r prcess undertaken by the Cuncil. Managing risk is achieved thrugh the systematic applicatin f plicies, prcedures and practices t identify, analyse, evaluate, treat, mnitr and cmmunicate risk. Enterprise Risk Management (ERM) Enterprise risk management encmpasses all the majr risk categries (including financial, envirnmental, health and safety, fraud, infrmatin technlgy, cmpliance, security and business cntinuity) and includes the c-rdinatin, integratin, cnslidatin and cnsistency f reprting by the varius Cuncil functins with identified risks.

5 8. Plicy Cuncil will manage risk in accrdance with the Australian and New Zealand Standard ISO The bjective is t develp and maintain a prgram f strategic, peratinal and prject risk management t ensure that the cmmunity and the Cuncil are prtected against lss by adding clarity and cnfidence t decisin making. This will place Cuncil in a psitin t capitalise n pprtunities by prviding a better understanding f the implicatins f decisins ver the lng term. This plicy requires adherence t the fllwing strategic bjectives Risk management demnstrates sund gvernance thrugh accuntability, transparency and respnsiveness. Risk management is a strategic business tl t prmte better infrmed decisin making. Risk management is a whle f Cuncil cncern. Risk management will reduce expsure f the cmmunity t lsses thrugh the integratin f risk management in crprate and peratinal planning (including prgram and prject planning and implementatin). Risk management will prtect Cuncil s reputatin and image as a prfessinal, respnsible and ethical rganisatin. Date f adptin: Minute Number: Plicy Review: 3 years r as determined by Cuncil r Chief Executive Officer