Ipswich City Council Administrators Update - Vision 2020 January 2020

4.4 RISK MANAGEMENT Strategic planning, budgeting and risk

Training programs for Risk Management, Fraud and Corruption, and Good Decision Making. These training programs will ensure that all staff are educated and trained in risk management, good and ethical decision- making, business continuity planning, project risk management and how to identify and report fraud and corruption; and A Business Continuity Management Framework that now shapes how business continuity activities within council are governed, managed and maintained. This framework is an essential component of council’s corporate governance practices. It operates in conjunction with related disciplines including enterprise-wide risk management, security and emergency response management. It also establishes how council develops and implements business continuity effectively. Your council will need to continue to focus on the importance of risk management and the project team is still working to soon finalise: Reporting regimes for risk management and fraud and corruption. During interim administration, the following milestones were achieved in regards to council’s Audit and Risk Committee and its functions: An independent member was appointed to the position of chair to enhance the independence of the committee; A strategic workshop identified the key information and reports to be presented to committee to ensure an appropriate oversight of key issues facing council; and A strong focus was placed on ensuring risks are identified, reported on and mitigation actions are in place at a corporate and departmental level. A new charter was developed; A Risk Appetite Statement; A Good and Ethical Decision Making Framework; A Conflict of Interest Policy; and

management are intrinsically linked; it is impossible to undertake sound strategic planning and major project prioritisation without a comprehensive understanding of the inherent risks involved and an assessment of the strategies available to mitigate these risks. It is entirely reasonable for Ipswich residents and ratepayers to expect that your council has a clear risk management framework and reporting arrangements. BEFORE ADMINISTRATION Council previously lacked any robust policies and framework to demonstrate an ability to mitigate risks. A formal risk assessment matrix had been prepared some years ago but was in effect “left on the shelf” and not referred to in subsequent planning and decision-making. In addition, the formal Audit and Risk Committee of your council (as required under the Local Government Act 2009 ) failed to meet regularly and did not have any influence on council projects or programs in any meaningful way. The committee did not fully utilise the skills and experiences of independent members. WHAT WE DID Following a review of the current risk management frameworks and functions, a Transformation Project team was established to develop a consistent whole-of-council approach to Enterprise Risk Management (ERM) in order to proactively identify, manage and respond to issues that represent risk to the achievement of council’s strategic objectives. An Enterprise Risk Management Framework that provides the mechanisms for ensuring that risks are considered and addressed in a systematic way, applying a consistent approach for prioritising, escalating and responding to risks regardless of their nature; A Project Risk Management Manual that will ensure the continuous improvement in council’s ability to deliver projects successfully. The supporting documents will be used by all staff responsible for delivering projects; Over the past 12 months the project team has delivered:

29