Managing risk in local government can feel like an overwhelming and challenging task. Especially when you consider the extraordinary range of services, assets and stakeholders that your council deals with.
But it can be done. By following the suggestions below, you can build a stronger risk culture while ensuring continuous improvement in all risk areas in your organisation.
Develop
As most councils are already aware, the Office of Local Government (OLG) requires every council to provide an attestation for their Enterprise Risk Management (ERM) framework within their annual report starting July 2025.
But this framework isn’t just a compliance box to tick. It’s the foundation for all strategic and operational risk work – one that will help you develop and implement risk management strategies effectively.
When reviewing your ERM framework, ensure it:
- Provides a structured approach to identifying and managing risk
- Is embedded across all areas of council operations
- Supports a culture of continuous improvement
Report
Accurate risk reporting provides a reliable and comprehensive view of the risks and threats your council faces.
As an ongoing part of your active framework, this gives senior leaders a complete picture of your council’s risk landscape, empowering them to make informed decisions about resource allocation, project planning and more.
To be effective, your risk reports should:
- Cover all key areas, including strategic, operational, HR and uninsurable risks
- Be shared in regular updates with senior leaders, such as quarterly reports to the General Manager and ARIC
- Include focused, in-depth insights in quarterly or annual reports
Engage
A strong risk culture starts with people. So it’s important to engage all staff across the council through regular feedback and communication.
Some ideas include:
- Developing a good Risk Culture Communication Plan
- Sharing risk-related stories, advice and updates through internal newsletters
- Introducing reward systems for those who report hazards or suggest improvements
- Educating and reminding staff that risk is everyone’s responsibility
These small gestures can make a big difference in shifting attitudes, creating a positive impact on risk culture.
Involve
Risk staff aren’t usually the ones managing the customer request system, but they can play a crucial role in closing the loop – especially when it deals with claims.
Consider involving your risk staff in conversations with those who manage these systems, as well as senior management. This allows them to help ensure:
- Risks raised are properly logged, monitored and addressed
- Claims or incidents are resolved quickly so they don’t fall through the cracks
- The council includes risk and claims staff as part of the process when these issues arise
Review
Remember to review and update your ERM and risk registers regularly.
How do you ensure your policies and registers stay relevant? By facilitating regular workshops with each department or directorate and ensuring good document control measures.
Workshops will help you identify risks specific to these teams, as well as the challenges preventing them from achieving their goals. This approach will embed risk thinking into day-to-day operations and empower staff to take ownership of their department’s risks.
In addition:
- Ensure that your ERM framework is also reviewed annually against ISO:31000:2018, per the OLG requirements
- Track residual movements and control effectiveness
- Participate in self-audits, including Statewide’s CIP program, and other risk culture surveys and audits.
Invest
Risk doesn’t exist in a vacuum – and neither should your risk staff.
It’s vital that your risk team has the time and resources to engage with different departments so they can understand the operations and specific risks faced.
Risk staff also need to keep up with emerging risks and best practices. One of the easiest ways to do this is to exchange knowledge with other councils at events such as regional risk group meetings and the annual Statewide Mutual Risk Management Conference.
Tools and takeaways
As a risk leader or team member, your role isn’t to assess every risk across the council. That’s an impossible task.
But you can assist and empower every team to manage their own risks effectively.
On our Member Centre, we have resources to help you in this space, including:
- Risk Management Communication Plan (Ideas)
- Risk Management Lead & Lag Indicator Reporting guidance
- Training modules:
You can also refer to OLG’s guidelines for risk management and internal audit.
By supporting each directorate, promoting communication and ensuring the right frameworks and tools are in place, you’re already making an impact on building a positive mindset towards risk.
Need support taking the next steps? Get in touch with your Regional Risk Manager today.