Elements and Performance Criteria
- Establish the nature of risk management
- Nature of risk management within local government context is identified and documented, considering council's unique characteristics.
- Structure within which the risk management process will take place is outlined and communicated to stakeholders.
- Criteria against which risks will be evaluated are determined are documented.
- Risk management policy is designed for council operations and communicated to all staff.
- Identify existing and potential risks
- Potential risk events are identified through extensive consultation with relevant stakeholders and personnel.
- Reports from workplace inspections are used to identify existing and potential risks.
- Relevant statutory and regulatory requirements pertaining to all council functions are identified to determine potential areas of risk for non-compliance.
- All staff members are encouraged to identify and report existing and potential risk events to appropriate stakeholders.
- Analyse existing and potential risks
- Identified risks are analysed for the likelihood of potential risks occurring and their consequences.
- First aid reports and reports of the incidence of risk are analysed to assist in determining consequences of risk.
- Existing controls or safety mechanisms put in place to reduce likelihood of a risk occurring are identified and likelihood of occurrence is re-assessed.
- Total estimated level of risk is determined considering likelihood and consequence of potential risks occurring.
- Evaluate and prioritise risks
- Develop and implement risk management or control plans
- Risk management or control plans are developed to eliminate or reduce the potential for risk events and consequences.
- Accountabilities and responsibilities for the identification, management and reporting of risks are allocated and documented in job descriptions.
- Appropriate reporting mechanisms for logging identified risks and the steps taken to address risks are established, updated regularly and used for formal reporting purposes.
- Resources required to address identified risks are determined, documented and allocated.
- Risk control strategies and required resources are included in budgets and other relevant financial planning processes and decisions.
- Risk management plans are designed and documented for priority risks in consultation with stakeholders and industry specialists where necessary.
- Reporting requirements and time frames for achieving risk mitigation are established, documented and communicated to appropriate stakeholders.
- Budgets and other financial plans are regularly updated to account for necessary risk management funds.
- Formal and informal staff training in risk management principles and practices is developed and implemented.
- Monitor and review the risk management system
- Inspection programs are designed and implemented to enable ongoing monitoring of risk control plans.
- Risk management strategies and plans are periodically reviewed and assessed for their adequacy, timeliness and effectiveness in risk mitigation.
- Reports of the incidence of risk occurring are monitored and used to inform risk management processes.
- Risk management process and system are regularly monitored for their effectiveness and changes which may effect their operation.
- Continuous improvement of risk management process is demonstrated and implemented.