An external consultant has found that Central Coast Council’s Enterprise Risk Management Framework (ERMF) has a number of gaps and is not embedded at an enterprise-wide level across Council.
This has created inconsistencies in the management of risks across the organisation.
Headline findings included: a disconnect between Council’s documented Risk Appetite Statement and what is practised in the field of operations; inconsistency in aptitude, appetite and engagement on risk assessment across Council’s operations; and no defined risk appetite statements or key risk indicators.
Recommendations coming out of the report highlighted the need to develop a Strategic Risk Register.
The report says it is conventional for mature organisations to develop a Strategic Risk Register, so critical and material risks can be monitored with greater attention.
Council adopted such a register in May 2023 but Council said it “may not” entirely reflect the true position of Council.
The report said there was a need to design a Consistent Methodology for Risk Identification and Assessment.
“The importance of this recommendation cannot be overstated,” it said.
“Council suffers from inconsistency in aptitude, appetite and engagement on risk assessment across its operations.
“Significant work is required to set a satisfactory baseline of competence, compounded by a prevailing view that this would be another task added to already full lists.
“The tone from the top would be critical in driving the culture that risk assessment is simply the way we work, and not a new task superimposed on top of existing duties.
“Identifying and utilising therefore a simple but effective risk identification and assessment tool would be of paramount importance.”
The consultant’s report made 24 recommendations across nine action areas and was presented to the Audit, Risk and Improvement (ARIC) Committee’s December meeting.
The committee’s minutes are not yet public so it is unclear if Council will agree to implement the recommendations in the report.