RISK MANAGAMENT IN LOCAL GOVERNMENT IMPROVING, BUT GAPS REMAIN

A survey of New South Wales Councils has revealed improved risk management, business continuity and internal audit practices but identified a number of gaps in some critical areas and shortfalls against better practice.  

This is the conclusion of specialist risk management and audit firm, InConsult, who conducted a survey of New South Wales (NSW) Shires and Councils.

Local government in NSW is a $9 billion industry that serves a population of 7.5 million people and covers a geographic area of around 800,000 square kilometres. Collectively, councils have around 1,475 elected representatives, employ 45,000 people and are custodians of over $131 billion in infrastructure assets.

The latest Council Wide Risk Management Survey is the third survey conducted by InConsult. Over 50% of NSW councils participated in this survey. “The high number of responses has provided data that we believe to be valid and paints a good picture of the current state of risk management in NSW councils” says InConsult Director Tony Harb.

“Overall, we have seen improvements across the board in risk management practices, such as developing formal risk management policies and strategies, formal risk appetite statements and maintaining comprehensive risk registers.  More Councils now class their risk management in the ‘proficient’ category of risk management maturity.

The most common benefit realised from risk management was an improvement in the ability of a council to achieve its objectives. “Done well, formal risk assessments across key activities, key projects and at key points during the Integrated Planning and Reporting process can help councils reduce uncertainty and strengthen internal controls” Mr Harb said.

“Whilst the improvements are positive, a number of areas need attention to achieve better practice.  50% of Councils have not formally documented and communicated their risk appetite, attitude and tolerances. Only 29% of councils always conduct a risk assessment for major projects or new initiatives and 35% have not assessed their strategic risks, which may leave councils vulnerable to major changes in their operating environment.

“Workplace Health and Safety is still the best managed risk area. This is not surprising given the recent changes to the Work Health and Safety Act as a result of the harmonisation of work health and safety laws across Australia in 2011.

“Conversely, business continuity management is an area that councils felt was wanting. The survey highlights that 20% of councils did not have a business continuity plan (BCP). Of those that did, just 45% of councils were more positive than neutral about their confidence in their plans, 28% had not reviewed their plans for more than two years and 59% of councils have either never ever tested their plans or not tested them in the last 2 years to validate their effectiveness and efficiency.\

“The likelihood of a major fire, terrorist act or cyber-attack is hard to predict but Australia is at a high alert level where a terrorist attack is likely.  There has been a significant increase in the number of cyber-attacks over the last 12 months. Having plans in place with a response strategy, templates and checklists will help see councils though these disruptions more smoothly and with minimal impact to key council activities.

The survey highlighted that the top 5 risks facing NSW local government were financial stability, infrastructure deterioration, workforce risks, amalgamations and compliance.

“Issues around financial sustainability, infrastructure deterioration and amalgamations are the hot topics in the sector. We can trace current discussions back to 2008 when financial sustainability assessments were published that found 35% of the top 100 NSW councils were unsustainable. By comparison, less than 10% of Victorian councils were considered unsustainable around that time” says Tony Harb.

“Financially unsustainable councils cannot generate sufficient funds to provide the levels of service and infrastructure agreed with their community. As we know, there is a wide range of views on the solution from the abolition of rate pegging to resource sharing and possibly amalgamations. It remains to be seen whether the NSW Government’s “Fit for the Future” strategy will solve the problem. Whilst many councils oppose amalgamations and are questioning the validity of the Fit for the Future process, the important thing from a risk management point of view is that Councils need to be preparing for change. Whilst we see evidence that many are talking to their neighbours and developing strategies and contingencies we also know that some councils are simply digging in their heels. This is rarely a good strategy in the face of change. Councils need to carefully consider the risks involved in whatever strategic response to structural reform they are considering.

“NSW councils have taken enormous steps in the area of internal audit.  79% of councils now have an audit committee, doubling since 2006.  The number of councils that have an internal audit function has also increased from 65% in 2006 to 80% in 2014.

“A strategic audit plan is like a business plan for internal audit.  It guides audit activity and resourcing over a period of 3-5 years and reduces the risk of audit blind spots.  The survey found 48% of councils could better align their strategic audit plan to key risks within council and 35% of councils have not developed a strategic audit plan. This is clearly inconsistent with internal audit standards.

“Only half the councils felt that the benefits that internal audit had delivered were on the positive side of neutral which suggests that internal auditors may need to raise their profile about their activities and better align their audit activities to council activities through the strategic audit plan.

Mr Harb concluded that “whilst improvement is evident and is to be applauded much still remains to be done in this critical area of council governance.”

An Executive Summary is available for free download here or visit the InConsult website: www.inconsult.com.au.

ABOUT INCONSULT

InConsult is a leading professional services firm based in Sydney with extensive local and international experience in risk management, business resilience, internal audit, corporate governance and risk management technology solutions. InConsult offers a comprehensive, end-to-end range of solutions to help public and private sector organisations effectively manage risks and improve internal controls to maximise opportunities. With over 80 local government clients, InConsult is one of the largest service providers to the sector.  

ENDS