By Lancing Farrell 730 words
Is there a delegation for taking risks at your council? Does your council have a risk appetite? Are the strategic risks that have been identified appropriate? Are the operational risks relevant? Does the audit program decrease or increase risk?
These are questions that a colleague raised with me recently when trying to understand the way risks were managed at their council. I suggested they look at their risk management framework – how is risk assessed in terms of likelihood and consequence. This should explain the inherent risk, current risk rating, the target risk and rate the effectiveness of controls. It can make interesting reading.
Next, I suggested they look for their organisations lists of key risks – strategic and operational. These are usually in the risk register. This isn’t always easy to find. Someone in the risk department will have it. Most councils will have up to 8-12 strategic risks. There will be many more operational risks.
Councils are very risk aware. Some people describe it as risk aversion. I think this is driven by the multiple accountabilities that councils live with – the Minister for Local Government, the Ombudsman, the courts, the media and the community. Sometimes it is hard to know who is going to take issue with what you have done. Continue reading