RM12 - Risk Management & Procedures...Temora Shire Council has used AS/NZS 4360:2004 Risk Management...

Function: Risk Management
Policy Number: RM12
Temora Shire Council
Revision Number: 2
Revision Date: 25 May 2011
File Name: Risk Management & Procedures
Page Number: Page 1 of 42

TEMORA SHIRE COUNCIL

RISK MANAGEMENT & PROCEDURES

ACTIVE



Review Details

ABOUT THIS RELEASE

DOCUMENT NAME: Risk Management & Procedures
CODE NUMBER: RM12
AUTHOR: Temora Shire Council
ENDORSEMENT DATE:

REVIEW

Revision

Date Revision Description Date approved by

Council General Managers Endorsement

June 2007

PLANNED REVIEW

Planned Review Date

Revision Description Review by


1. RISK MANAGEMENT POLICY

2. RISK MANAGEMENT DEFINITIONS

3. THE RISK MANAGEMENT PROCESS

4. CORPORATE GOVERNANCE

5. LEGAL COMPLIANCE

6. SERVICE DELIVERY

7. BUILT ASSETS

8. HUMAN RESOURCES

9. MANAGEMENT OF INFORMATION

10. FINANCIAL RISK MANAGEMENT

APPENDIX 1

APPENDIX 2

APPENDIX 3

APPENDIX 4

RESOURCES


1. RISK MANAGEMENT POLICY

POLICY AIMS

This policy will:

• provide documented evidence of Council’s commitment to adopting risk management principles as an integral part of operations and decision making;

• promote an atmosphere of risk awareness and willingness to manage risk at all levels of the organisation;

• provide opportunities for continuously improving performance at all levels of the organisation.

Temora Shire Council has recognised that the management of risk is an essential element of good management and impacts on every facet of Council activity. Risk Management has been defined as the culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects. It is a process of continuous improvement that is to be embedded in all the practices and processes of Council. Risk Management promotes communication between all stakeholders and improved information flow enhances the decision making process.

Temora Shire Council has used AS/NZS 4360:2004 Risk Management Standard and HB 436:2004 Risk Management Guidelines as the main source of guidance for the development, implementation, consultation and review of the Risk Management Program.

Council’s total assets provide the foundation on which the continued ability to provide an improved quality of life for the Shire community and foster an environment conducive to future development is built. These assets include human, fiscal, property and the environment. It is Council’s intention to implement this Risk Management Program to safeguard and enhance these assets to ensure the achievement of the Mission Statement and associated corporate objectives.

The main objectives of the Risk Management Program are to:

• Maintain the highest possible integrity for services provided by Temora Shire Council;

• Safeguard and enhance Temora Shire Council assets including human, fiscal, property and environmental;

• Create an environment where all Temora Shire Council employees, Contractors and Volunteers will assume responsibility for managing risk;

• Achieve and maintain legislative compliance;

• Ensure resources and operational capabilities are identified and responsibility allocated for managing risk;

• Ensure Temora Shire Council can appropriately deal with risk;

• Demonstrate transparent and responsible risk management processes which align with accepted best practice.

• Manage the control of fraud of all aspects under Council’s control.


The Risk Management Program shall cover, but not be limited to, the following areas of Council activity:

• Corporate governance

• Legal compliance

• Business risks

• Assets

• Human resources

• Information systems

• Financial risk management

The risks associated with these areas of activity will normally be identified, analysed and managed by responsible officers in each of the functional areas of Council, however some major projects or activities may require the allocation of specific resources to the risk management process. Budget considerations will necessitate the allocation of funds in order of risk priority.

The Council is responsible for the oversight of the Risk Management Program and may obtain advice and guidance from appropriate sources within and outside Council.

The General Manager is responsible for the implementation and effective operation of the Risk Management Program, and responding to and reporting on significant risks that may arise from time to time.

Departmental Directors are responsible for the effective operation of the Risk Management Program within their respective departments and the timely reporting of any significant risks that may arise.

All Supervisors in particular, and employees in general, are responsible for avoiding unnecessary risks to themselves, co-workers and the public, Council and private property and image, and to report through their supervisors any activities or conditions that may result in unacceptable risks.

The Risk Management Program consists of this Risk Management Policy, supported by various Statements of Operation that have been endorsed by Temora Shire Council, and further supported by documented Procedures, Work Instructions and Checklists and any other documentation that may be deemed necessary for the effective implementation, training, operation and monitoring of the Risk Management Program within Temora Shire Council.

Policy Adopted Date: ......................................................... Signed General Manager .........................................................................................


2. RISK MANAGEMENT DEFINITIONS

The following definitions from AS4360:2004 and HB436:2004 will be used throughout Risk Management documentation issued by Temora Shire Council.

Risk Management – the culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects.

Control – an existing process, policy, device, practice or other action that acts to minimise negative risk or enhance positive opportunities.

Hazard – a source of potential harm.

Risk – the chances of something happening that will have an impact upon objectives. Note that a risk may have positive or negative consequences.

Risk Analysis – systematic process to understand the nature of and to deduce the level of risk.

Risk Assessment – the overall process of risk identification, risk analysis and risk evaluation.

Risk Management Process – the systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk. Note: In a Local Government context this means the systematic risks that could prevent Temora Shire Council from achieving objectives set out in the Management Plan or from complying with its legal obligations.

Risk Treatment – process of selection and implementation of measures to modify risk.

Residual Risk – risk remaining after implementation of risk treatment.

Stakeholders – those people and organisations who may affect, be affected by, or perceive themselves to be affected by, a decision, activity or risk.

General Definitions

Business Continuity Management – provides for the availability of processes and resources in order to ensure the continued achievement of critical objectives.

Business Continuity Plan – a collection of documented information that is developed, compiled and maintained in readiness for use in the event of an emergency, disaster or disruption to operational capability.

Corporate Governance – is the set of processes or systems by which Temora Shire Council is directed and controlled and which is used to monitor achievement to ensure it remains accountable to the interests of its stakeholders.

Disaster Recovery Plan – a document that describes the recovery strategies and processes to be employed to facilitate the restoration of operational capability of a particular department, section, function, infrastructure or system of Council.

Infrastructure Assets – are defined by the AAS27 as:


• Roads, footpaths and bridges

• Parks and recreation facilities

• Water supply systems

• Stormwater systems

• Wastewater systems

• Flood protection and land drainage

Legislative Compliance – the legislation and common law duties that apply to all employers generally, including local authorities specifically. A “breach” is likely to give rise to civil or administrative action against Temora Shire Council is the same as that in the Local Government Act.

Further Definition

Enterprise-wide Risk Management (ERM) – ERM is a structured and disciplined approach aligning strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value. “Enterprise-wide” – means the removal of traditional functional, divisional, departmental or cultural barriers.

Risk management is evolving:

| FROM | TO |
| --- | --- |
| Risk as individual hazards | Risk in the context of business strategy |
| Risk identification and assessment | Risk portfolio development |
| Focus on all risks | Focus on critical risks |
| Risk mitigation | Risk optimisation |
| Risk limits | Risk strategy |
| Risks with no owners | Defined risk responsibilities |
| Haphazard risk quantification | Monitoring and measurement |
| Risk is not my responsibility | Risk is everyone’s responsibility |


3. THE RISK MANAGEMENT PROCESS

AS/NZS 4360:2004

This Manual is structured around AS/NZS 4360:2004 “Risk Management” which provides guidance on the development and introduction of a Risk Management Programme. Handbook HB 436:2004 “Risk Management Guidelines” has also been used for guidance in the development of this Manual and the Risk Management Program documentation.

Risk Management is not a static management tool or system. It should be evolving, as new risks appear, legislation changes and the expectations of the community change. A risk management program should be viewed as a dynamic program that is subject to change and modification. The outcomes should always be under review and kept up to date.

Risk Management should be an integral part of day to day Council operations, from planning and policy development to project and operational management. Risk Management, like Quality Management or Environmental Management, is not an additional encumbrance; it is the first step to be taken in performing any task/job.

The benefits of adopting a risk management approach to Council’s operations are not merely about insurance or OHS, but rather a means of improving Council’s strategic, financial and operational management. It will minimise financial losses, service delivery disruption, reputational loss and claims incidence. It will also facilitate the decision-making process within Council and provide the elected members and management with the ability to make informed decisions regarding the appropriateness and consequences of the implementation of policies and service delivery options.

Information relating to past events and incidents of loss, failure or non-achievement of desired outcomes should be analysed to minimise future risk. All relevant information must be shared across the entire Council. The perpetuation of a silo-mentality within the organisation will detract from the efficiency and effectiveness of any Risk Management Program.

An Overview

Based on AS/NZS 4360:2004 the following stages in this process are defined for a risk management program to function within Temora Shire Council. Figure 1 on the following page shows how the Risk Management process works, from AS/NZS 4360:2004.


Context – it is most important to understand the context before starting a risk management audit, review or program. Failure to understand the context will mean that the business objectives of Temora Shire Council have not been fully understood and therefore the risks, risk acceptance and risk aversion of the Council will not be fully addressed.

Activities of Temora Shire Council – Establish those activities of Council to be covered by this Risk Management Program. These include Corporate Governance, Legal Compliance, Business risks, Assets, Human Resources, Information Systems and Financial Risk management. Sections 4-10 discuss these in further detail.

Define Criteria – The criteria help evaluate whether an analysed risk is acceptable, unacceptable or intolerable. Defining the criteria enables the establishment of key performance indicators for Temora Shire Council.

Identification of Risks – The activities Temora Shire Council performs and the locations of the activities can create exposure to risks. Therefore a review of both activities and sites should be conducted. This should include relevant document review (including legislation) and discussions with appropriate personnel.

Analysis of Risks – Risk should be analysed in terms of frequency and severity within the context of the controls in place using a qualitative or quantitative approach. This stage may overlap with the identification stage and may include the use of analytical techniques. Accurate analysis is essential if resources are to be effectively allocated.

Evaluation of the Risks – Evaluate the acceptability of analysed risks against the criteria. The evaluation should be discussed with managers and may result in a review of the criteria. The evaluation will consider if the risk is acceptable, unacceptable or intolerable.

Development of Treatment Operations – The evaluation of risk may make obvious options for the:

• acceptance of risk; or

• avoidance of risk; or

• the control of risk; or

• the transfer of risk to a third party.

These options should be developed in consultation with Managers allowing options that are not relevant to Council to be ignored; those that are relevant can be explored more fully.

Implementation – Implement the selected treatment options.

Monitoring and Review – Monitor and review all stages of the Risk Management Process to ensure it is working as intended.

Communicate and Consult – Ensure those who may be affected by the Risk Management Process are kept fully informed and consulted with throughout.


HIERARCHY OF CONTROL FOR RISK MANAGEMENT OF TEMORA SHIRE COUNCIL


As previously mentioned the identification, analysis and evaluation of risks and the implementation and monitoring of treatment options should follow the process set out in AS/NZS 4360:2004 “Risk Management” and HB 436:2004. The following Australian Standards publications are also relevant to the various operations of Council that require risk management treatment:

• AS/NZS 3931:1998 “Risk Analysis of Technological Systems – Application Guide”;

• HB 141:1999 “Risk Financing Guides”;

• HB 158:2002 “Guide to AS 4360 in the Internal Audit Process”;

• HB 221:2003 “Business Continuity Management”;

• HB 231:2004 “Information Security Risk Management”;

• HB 246:2002 “Risk Management in Sport and Recreation”;

• HB 250:2000 “Organisational Experiences in Risk Management Practices”;

• AS 3806:1998 “Compliance Programs”;

• HB 133:1999 “Guide to AS 3806 Compliance Programs”;

• AS 4581:1998 “Management System Integration”;

• AS 5037:Interim “Knowledge Management”.

Categories of Risk

Knowledge of the types of hazards facing an organisation will assist managers in identifying all the possible risks associated with the day to day operations. Hazards and the associated risks can be either Strategic or Operational.

Strategic Risk is concerned with the hazards and risks associated with the achievement of the medium or long term goals and objectives of the organisation and the following may cover some of the aspects of strategic risk:

• Political – those associated with the failure to deliver various levels of government policy for which Council is the responsible agency, or failure to achieve its own corporate objectives.

• Economic – those associated with the ability to meet financial commitments. This can involve internal budget limits, investment decisions, Public Private business ventures, insufficient insurance cover, external economic climate

• Social – those associated with changing demographics, socio-economic conditions or housing and commercial trends.

• Technological – those associated with the ability to keep pace with technological change, adapt and adopt new technology and maintain value service delivery

• Legislative – those associated with the organisation’s ability to achieve current legislative compliance and to conform with future changes (This is at the macro or corporate level)

• Environmental – those associated with the ability to meet Council’s strategic objectives in relation to pollution control, waste management, recycling, water management

• Competitive – those associated with the cost effective provision of services to all stakeholders, i.e. value for ratepayer dollar


• Customer/Community – those associated with meeting the current and future needs of the ratepayers and community, including anticipating changing needs and expectations

The management of Strategic Risks is generally the province of the senior management, e.g. Manex or management team, in close liaison with the elected members and/or the Risk Management or Internal Audit Committee(s). The Risk Assessments associated with strategic risks should be undertaken as a normal part of the community, corporate and service delivery planning process for the Corporate Plans and revised at least annually at the time of the Management Plan compilation.

Operational Risk is concerned with the hazards and risks associated with the day to day operations of Council staff and the following may cover some of the aspects of operational risk:

• Professional – those associated with the various professional and technical areas of operation within Council e.g. engineering, child care, aged care, library services, environmental health, building services, plant and mechanical, sewer and water

• Financial – those associated with financial planning and management

• Legal – those associated with possible breaches of current legislation (this is at the micro or individual level)

• Physical – those associated with the occupational health and safety, fire and emergency preparedness, security, plant safety, amenities

• Contractual – those associated with the failure of contractors to supply required quality and quantity of goods or services

• Technological – those associated with the operational efficiency of IT systems, hardware and software

• Environmental – those associated with the environmental hazards directly attributed to performing work tasks

It must be recognised that the above categories and sub-categories are neither mandatory nor exhaustive; however, they do provide a framework for identifying and addressing hazards and risks. It is also obvious that the categories and sub-categories are not mutually exclusive, and cannot be considered in isolation, but must be considered having regard to their inter-relationships when carrying out a full risk assessment.

Understanding the Context

It is most important to understand the context before starting a risk management audit, review or programme. Establishing the context allows the Risk Management Process to be fully addressed. The context refers to the External Context, Internal Context and Risk Management Context.


External Context (Strategic Risk)

This should take into account the external environment in which Council operates, including:

• The physical environment of the area the Temora Shire Council operates within;

• The business, social, regulatory, financial and political environment within which the Council has to operate;

• Local Government Act Charter;

• The strengths and weaknesses of Council;

• The threats and opportunities faced by Council;

• Identification of the stakeholders of Council e.g. the community, employees and elected representatives;

• The Corporate and Management Plans;

• Social Responsibility issues.

Internal Context (Operational Risk)

This looks at the organisational structure and capabilities of Council e.g. staffing, elected representatives, work areas, locations, sites, IT systems etc. and the goals and objectives.

Risk Management Context

The activities of Council and the scope of these activities are defined in the Corporate Plan. Once defined, the key performance indicators, generally found in the Management Plan, should be developed and the strategies put in place to meet the criteria should be identified. Establishing the scope and key performance indicators of a risk management process includes:

(a) Defining the activities and identifying strategies. The strategies set out in the ten-year Financial Strategy should be consistently applied in the Corporate and Management Plans, within Council’s areas of responsibility and the personal objectives of operatives. The establishment of Asset Management Plans will assist in establishing the ten-year Financial Strategy.

(b) Defining where and for how long the project will run e.g. reviewing procedures for compliance with statutory requirements.

(c) Commissioning and utilising results e.g. from natural hazard studies.

Establishing the Council Activities Covered by the Risk Management Program

The activities of Temora Shire Council to be covered by the Risk Management Program need to be established. This may include all or some of the following:

• Corporate Governance, Legal Compliance, Business Risks, Assets, Human Resources, Information Systems and Financial Risk Management.


An initial review should be conducted to determine the activities of Council that are not meeting the defined criteria and which need to be improved. This review will also allow Council to identify and prioritise the areas with the highest perceived levels of risk exposure, to set the risk appetite.

Defining Criteria

Criteria are used to evaluate the level of risk. Key Performance Indicators may be used. Criteria and/or key performance indicators need to be defined by Council prior to the start of the risk management program so that the level of risk can be properly evaluated. Criteria can be derived from specific documents and be detailed; others may be broad and may be established as means of exploring internal criteria. Examples of established criteria may include the following:

• A legal requirement which may be derived from the common law, statute or case law

• Codes of Practice

• “Best practice manuals”

• Council management may develop relevant criteria, and Key Performance Indicators can be developed to measure these criteria

Criteria should be monitored and reviewed throughout the Risk Management Program to ensure they appropriately reflect the risks identified and type of analysis undertaken.

Establishing Risk Management Within Temora Shire Council

The steps that should be followed when establishing a Risk Management Program may include:

• Appoint a Risk Management Co-ordinator

• Define a group of senior personnel with overall responsibility for Risk Management e.g. a Risk Management Committee and Internal Audit Committee or similar

• Establish a Risk Management Policy

• Carry out an initial review to identify risk exposures either internally or using external consultants

• Analyse and evaluate the risks identified in the initial review

• Implement treatment options for the unacceptable risks identified

• Monitor to ensure implementation is carried out

• Review to identify any changes in risk exposure

• Communicate and consult with stakeholders at all steps in the risk management process. Information must be able to be understood by stakeholders

Organisational Structure for Risk Management

A Risk Management Co-ordinator should be responsible for co-ordinating the Risk Management System within Temora Shire Council. The day to day responsibility for risk management should remain with the operational managers.


An effective focus for risk management within Council is the use of the Risk Management Committee. The Risk Management Committee acts as a forum for risk management and a focus for risk management activities. It ensures that policy implementation remains on target, and that emerging risk management issues are adequately dealt with. The Risk Management Committee provides copies and should have the necessary budget to commission and fund further risk management work.

Risk Management Policy

The Risk Management Policy will establish common written arrangements that are essential for the effective operation of the Risk Management Program. The Policy aims are to:

• Provide documented evidence of Council’s commitment to adopting risk management principles as an integral part of operations and decision making;

• Promote an atmosphere of risk awareness and willingness to manage risk at all levels of the organisation;

• Provide opportunities for continuously improving performance at all levels of the organisation.

The organisation has recognised that the management of risk is an essential element of good management and impacts on every facet of Council activity. The Corporate Governance guidelines and responsibilities for Elected Members, management and staff regarding risk management have been established by Council and referred to in the Policy. The Risk Management Policy is endorsed by Council and reviewed yearly, with subsequent versions also being endorsed by Council.

4. CORPORATE GOVERNANCE

General

Corporate Governance is the system of accountability to stakeholders whereby the elected members ensure the risk management principles and practices of Temora Shire Council are carried out and performance against these is measured.

Responsibilities

The Council is responsible for the oversight of the Risk Management System and may obtain advice and guidance from appropriate sources within and outside Council.

The General Manager is responsible for the implementation and effective operation of the Risk Management System and responding to and reporting on significant risks that may arise from time to time.

Departmental Directors are responsible for the effective operation of the Risk Management System within their respective departments and the timely reporting of any significant risks that may arise.

All Supervisors in particular, and employees in general, are responsible for avoiding unnecessary risks to themselves, co-workers and the public, Council and private property and image, and to report through their supervisors any activities or conditions that may result in unacceptable risks.

Corporate Governance Context

Service Delivery

Corporate Governance is the process by which decisions are made and then those decisions are implemented. The purpose of the decision making process is to achieve the objectives designated in the Corporate Plan and Management Plans. These objectives are focussed on being able to provide the services that the stakeholders require, i.e. the ratepayers and community. Corporate governance sets the standard for Service Delivery and is underpinned by the principles of openness, integrity and accountability.

Other Functions of Council

• Strategic Planning and monitoring achievement;

• Bylaw enforcement;

• Policy development;

• Representing ratepayers;

• Lobbying on behalf of ratepayers.

Temora Shire Council must ensure a Corporate Plan and Management Plan are prepared and reviewed at the required intervals. The following publications are relevant to Corporate Governance management and issues and are used in the administration of the Council governance processes.

• Excellence in Governance for Local Government – exposure draft by CPA Australia;

• Governance Health Check – LGMA publication;

• Code of Conduct – DLG publication.

Identify Risks

Potential risks for which Council should have policies and procedures in place may include, but are not limited to, the following:

• The responsibilities of Councillors, General Manager, Directors and officers not being clearly delegated or communicated. This may result in the required functions to be carried out by Council not being undertaken resulting in incomplete service delivery

• Policies set by Councillors that may have future liabilities

• Inadequate resources to effectively determine or maintain services required by law to be provided

• Incomplete or inaccurate information relating to changes that may impact on the ability to achieve corporate objectives

• Lack of Code of Conduct

• Inadequate management information systems.

Analyse and Evaluate Risks

• The potential liabilities of Councillors, the General Manager, Directors and officers not carrying out their required functions should be analysed and evaluated. This should take into account the objectives of the Corporate and Management Plans and the delegated responsibilities within the Council.

• When Councillors set policy, the potential for future liabilities being created should be analysed and evaluated before the policy is agreed.

• Council should review what services they are required to provide by law and as set down in the Management Plan. The Council should ensure that Temora Shire Council meets these key performance objectives.

Treating the Risk

After identifying, analysing and evaluating the risks of not having an effective Corporate Governance structure in place, Council should establish procedures to ensure that these risks can be managed. Ways in which the risks can be managed include:

• Training, Briefing and refresher courses for Councillors;

• Responsibilities of Officers included in all Position Descriptions;

• Adoption of Code of Conduct for Councillors and Council officers to observe;

• Delegations Manual/Register;

• Management Plan key performance indicators;

• Entities in which Council has an interest.

5. LEGAL COMPLIANCE

General

Legal Compliance is an essential part of the Temora Shire Council Risk Management System. To be able to have an effective legal compliance procedure Council needs to have certain steps in place. This section gives an overview of the necessary structure and highlights various areas that require “focus” to achieve compliance within the sector.

Temora Shire Council has a wide range of duties under the law. Breaches of some legislation may give rise to allegations of negligence. Council also has the same criminal liabilities and Common Law duties under legislation that apply to all employers and sometimes to private individuals.

Context

Council has to review the legislation that governs Local Government practice and assess how that legislation impacts upon Council activities. Namely, what is the role of Council? Does Council administer the legislation and/or simply have to comply with the legislative demands? The potential exposure for Council differs according to its role.

Identify Risks

Potential risks which may arise regarding legislative compliance include failing to:

• Comply with legislation – both Common Law duties and Statute Law

• Carry out duties or provide services as required by legislation and the Council Charter

• Provide correct or sufficient information and advice upon request

• Assess changes in practice or implementation of new innovations.

Analyse and Evaluate Risks

When analysing and evaluating the risk associated with legal compliance, Council must keep in mind the type of duty it has under the law.

Regulatory Function

Identification of potential exposures, when Council has a regulatory function to administer, should include a review of:

• The demands of the legislation;

• Current industry practice, e.g. what are other Local Authorities doing in this area?

• Recent case law.

Statutory Compliance

For statutory compliance, i.e. compliance with Criminal and Common Law duties, the potential exposures of not complying must be identified and should include:

• Demands of the legislation;

• Potential fines and penalties

Service Delivery

The potential liabilities for Council of providing incorrect or insufficient information and advice must be identified and should include that given:

• In response to request or application;

• Over the counter

Changes in Practice and New Innovations

Changes in practice, or innovative moves by Council can change the “risk” or “legislative” profile for an activity. The potential liabilities resulting from this should be identified. Council must also ensure that any initiatives or changes in direction are cleared with the Council’s Insurers and/or Brokers prior to undertaking the new activities.

Treating the Risk

It is important that an ongoing identification of compliance issues is undertaken. These systems may include:

(a) Means of identifying new or amended legislation of significance.

(b) Means of identifying the sections that pose a significant compliance risk.

(c) Means of identifying appropriate procedures for securing compliance.

(d) Training of managers and supervisors in their legal responsibilities.

Ongoing management supervision of the procedure and staff practices is essential. For any legislative compliance procedure to be successful there needs to be demonstrated senior management commitment. A Compliance Policy that is clearly communicated throughout the Council will assist this process. Management needs to accept responsibility for legislative compliance. This can be assisted in the form of appropriate resources being made available to achieve and to demonstrate legal compliance.

Legislative compliance is not a static process. The legal framework and the environment in which the Temora Shire Council operates are dynamic. Therefore to achieve ongoing compliance it is necessary to have an ongoing review of the systems that are in place, and to modify them.

6. SERVICE DELIVERY

General

Temora Shire Council is required to provide a number of goods and services that are managed and operated directly by Council or through the use of contractors. These goods and services should meet the expectations of the stakeholders and community.

The Council is also responsible for a wide range of works from small, low risk works to large complex projects. These can involve the use of contractors requiring Council to issue tenders and enter into contracts. When entering into a contract Council will need to ensure appropriate auditing and control of the contractor is undertaken. For some projects standard controls will suffice, for others controls may need to be tailored to the specific contract. Monitoring and supervision of contracts is an important aspect of managing any contract.

Context

The annual Management Plan produced by Council sets down the goals and objectives for the goods and services to be provided. The make up of the stakeholders of Council and their perceptions and expectations of the goods and services provided should be determined. Tenders and contracts should be prepared and managed in accordance with relevant legislation, codes of practice, case law and recommended best practice.

Identify Risks

Service delivery risks to which Council may be exposed include:

• Failure to meet objectives and goals set down in the Annual Plan

• Legislative and contractual requirements not met by contractors

• Legislative requirements not met by Council

• The tender assessment not conducted as prescribed

• Decline in assets through ineffective contract management

• Sale of goods and provision of services that may mislead or deceive

• Untrained staff

• Poor service delivery from staff

• Council processes not customer focussed

Analyse and Evaluate Risks

When analysing and evaluating the potential liabilities associated with the Annual Plan, the Council should determine what it wants to achieve i.e. the goals and objectives and what potential exposures there may be in not meeting these.

When awarding tenders to contractors, Council must be aware of the potential exposure if the tender assessment is not conducted as prescribed. Council should analyse and evaluate the potential liabilities they may be exposed to should a contractor not meet their legislative and contractual requirements. The audit procedures for effective management of any contract should be analysed and evaluated to ensure there is a clearly understood relationship between parties and that the quality of service meets the Temora Shire Council’s goals and objectives. When undertaking any design work, Council should be aware of the extent of possible exposure from work carried out by:

• In-house designers

• Design consultants

• Contractors

The provision of services and sale of goods should not mislead or deceive potential users/purchasers. Council should be aware of the potential exposure of this. The Council should also ensure the goods and services meet the expectations of stakeholders as far as reasonably practical and relevant legislation.

Treatment Options

Tendering and Contract Process

Council must ensure that proper controls are in place and responsibilities allocated to reduce exposure to liability from the contract and tendering functions. The various stages in the contract and tendering functions include:

(a) Decision to contract out services

(b) The tender process

(c) The contract process

(d) The audit process

(e) Design work

Policies and procedures should be established by Council, communicated to staff, reviewed and monitored to ensure they are being adhered to:

(a) Decision to Contract Out Services

Temora Shire Council should ensure the most suitable approach is used which provides the optimum benefits and value for money to the Temora Shire Council and its stakeholders. Service Delivery Code of Practices may be set out in the Annual Plan and an Asset Management Plan developed for the assets involved. All services provided by contract should be monitored to ensure the Temora Shire Council requirements are being met.

Example

When a service is to be let on contract the Temora Shire Council should have policies and procedures in place to:

• Demonstrate the advantages and disadvantages of the proposed approach compared with alternatives

• Ensure consultation with stakeholders

• Ensure the long term interests of ratepayers

• Develop a full marketing plan for maximum exposure of the tender to potential tenderers

• Specify service delivery Code of Practices from the Annual Plan

• Develop an Asset Management Plan for the assets involved

• Ensure the contract provides value for money

• Formally audit and document the service delivery

(b) The Tender Process

The method for awarding contracts should be determined and all those involved in the tender process should be aware of this. The tender process should include:

• Appropriate method of assessment determined

• Review of documentation supplied

• All legislative requirements are met

• Adherence to prescribed method of assessment

• Health and Safety requirements are met by the contractor and details provided to the Temora Shire Council

(c) The Contract Process (General)

Once the contract is in place, whether for maintenance works, provision of services or construction works, the following should be undertaken:

• Monitoring and auditing of the contract commercially

• Monitoring legislative compliance of contractor

• Monitoring legislative compliance of the Temora Shire Council with respect to the contract

(d) The Audit Process

A formal programme of auditing the service delivery of a contractor should be established. A formal audit is a tool which can provide assurance that the contractor is providing a quality service and not exposing the Temora Shire Council to risks. The audit process should:

• Have personnel allocated for carrying out the audits in a systematic manner. This may be internal staff or external consultants.

• Be formally documented and any concerns raised with the contractor

• Be based on assessment of risk i.e. where a contractor is carrying out works which may be critical in enabling the Temora Shire Council to meet their goals and objectives and/or for key assets

• Include reviews of the contractor’s quality systems, health and safety procedures, training of staff on a regular basis

(e) Design Work

The Temora Shire Council should ensure a self-audit in accordance with the requirements of the relevant legislation is carried out. A regular review of the appropriateness of carrying out design work internally or externally should be carried out. The Temora Shire Council should have procedures to ensure that contracts with providers of professional services deliver the required level of service.

Sale of Goods

When selling goods the Temora Shire Council should have policies and procedures in place to ensure what is being sold is accurately described.

Example

When selling land, Temora Shire Council should ensure what it is selling is accurately described with regards to:

• Nature of its interest in the land

• Price payable for the land

• Location of the land

• Characteristics of the land

• Use to which the land is capable of being put

• Availability of facilities associated with the land

General

Temora Shire Council should establish Key Performance Indicators (KPI’s) which can provide a measurement to the Temora Shire Council as to whether or not they are meeting the objectives and goals in the Annual Plan. When undertaking reviews, KPI’s allow Temora Shire Council to monitor how it is performing. The Temora Shire Council should be aware of stakeholder expectations when setting KPI’s.

Business continuity plans can assist in keeping disruption to critical services to a minimum. Temora Shire Council should ensure business continuity plans have been established for identified critical services.

Temora Shire Council may want to transfer some of their risks to a third party. The various options available should be assessed by the Temora Shire Council to determine which may be the most appropriate e.g. ensuring appropriate insurance cover is in place, contractual transfer of risk (refer to Appendix 4 – Examples of Risk Transfer Options).

7. BUILT ASSETS

General

Temora Shire Council owns and is responsible for a wide range of assets. Assets can be divided into the following categories:

Above Ground Assets such as buildings and their contents (e.g. offices, museums, libraries), motor vehicles, information assets.

Infrastructural Assets such as roading, water supply, stormwater, sewerage, airport, flood protection, parks and reserves.

Context

Temora Shire Council needs to identify those assets that are essential to the operations of the Temora Shire Council, those that offer a public or social good and those that may have local sensitivities.

An Asset Management Plan (AMP) should be developed for assets owned by Temora Shire Council, or where the Temora Shire Council has responsibility for them. There should be a clear linkage between the AMP and the operational plans of the relevant departments. An AMP defines the level of service required for the asset (e.g. quality, quantity, reliability, responsiveness, environmental impact and cost). The ability of the asset to deliver service over a period of time should be defined (e.g. perpetuity, finite period). AMP’s should reflect the long term financial strategy of the Temora Shire Council and Annual Plan.

AMP’s can assist in the establishment of Lifelines projects. They can assist in reducing damage to critical infrastructural assets, ensuring greater resilience in a network and speeding post event recovery. Lifeline projects may be established and should identify the relationship with the environment, i.e. physical, social, political and financial, and should determine which stakeholders are most likely to be affected by damage to the lifeline system.

Identifying Risks

Potential risks that may occur if a Council does not manage assets effectively include:

• failure to identify all assets and their value;

• inadequate assessment of financing to manage or replace assets;

• objectives of the long term financial strategy and annual plan not being met;

• inability to provide services to stakeholders following damage to assets;

• failure to comply with legislation;

• failure to comply for Government Assistance, where it is available.

Analyse and Evaluate Risks

When analysing and evaluating the potential risks concerning assets, Temora Shire Council must identify those assets that are important for continual delivery of critical services and the provision of public or social good.

a) Above Ground Assets

Once assets have been identified, the risks to them should be analysed and evaluated. This should also include any essential contents.

Example

The analysis and evaluation may include:

• Fire and explosion

• Natural hazards e.g. earthquake, storms, drought, flood

• Design and construction

• Building services and utilities e.g. loss of power, water or other critical utilities

• Loss of access

• Malicious attacks including vandalism and theft

• Impact damage

• Use of asset

b) Infrastructural Assets

Temora Shire Council should ensure it has met the criteria laid down in legislation and guidance documents. An AMP should:

• List all assumptions and provisos under which the plan is prepared

• Indicate the level of confidence of the data reliability (condition of assets, performance of assets, accuracy of asset inventory, demand/growth forecasts)

• Provide a level of precision or confidence on the forecasts of renewal and maintenance expenditure for the asset network

The AMP should also:

• State what needs to be done to improve the AMP

• Be prepared by a qualified person

• Be subject to regular review and revision

Temora Shire Council should also identify and evaluate the level of risk from natural hazards that could damage or destroy infrastructural assets.

Temora Shire Council should ensure that management of infrastructural assets meets the objectives set out in the AMP and Annual Plan. Temora Shire Council should review the potential liabilities of an event occurring e.g. a natural hazard which may damage the lifeline systems.

For any hazards identified, of each or any of the risks facing Temora Shire Council’s operations, the following need to be established:

• a risk rating for the potential frequency and severity;

• an analysis of probable loss frequency and probable loss severity and potential

Once determined, contingency planning strategies require consideration and decision making for the following important time periods:

• during the disaster

• immediately following the disaster

• long range recovery from the disaster

Treatment Options

a) Above Ground Assets

Treatment options for these types of assets can include the following:

• a system established for the obtaining of and regular reviewing of the Building Warrant of Fitness where one is required to ensure that maintenance work and training is being carried out;

• a Business Continuity Plan for each asset that is required for the continued delivery of critical services should be established

Example

Each Business Continuity Plan may include:

• limiting the immediate damage

• facilities and an emergency control centre;

• temporary variations in service delivery to ensure critical services continue;

• information for elected representatives, employees, other Local Authority officers, adjacent Local Authorities, the media and suppliers;

• salvage;

• security of the site;

• reinstatement of any building protection systems;

• financial accounting for the damage and restoration work;

• ensuring adequate post loss funds for restoration and increased costs of working;

• reinstatement of lost buildings and equipment

Policies and procedures are monitored and reviewed for the management and use of Temora Shire Council assets. Provision for initial and ongoing training of employees and others using the assets should be made. Provision may also be made for the transfer of risk to a third party e.g. the use of insurance, or contractual arrangements.

b) Infrastructural Assets

The content and methodology of any AMP should not be less than the ‘Basic’ AMP set out in the Infrastructure Asset Management Manual. The estimated costs should provide a clear link to the ten year forecasts as required by the long-term financial strategy and should be reviewed annually and updated every three years. Each AMP should include sufficient information to enable a decline in service potential of the asset to be recognised (e.g. quantity, quality, useful life). Any such reductions in service potential are to be recognised in the Annual Plan. The AMP should also state how such a reduction will be measured. Maintenance, renewals and capital are to be adequately defined and stated in relation to their effect on service potential.

• plans to avoid or control the risks identified should include Disaster Recovery Plans and post loss risk financing plans.

Temora Shire Council should ensure there is a Disaster Recovery Plan for each infrastructural asset to ensure the continued delivery of critical services.

Example

Each Disaster Recovery Plan should include or refer to:

• Any relevant Business Continuity Plan;

• A plan for the repair or reinstatement of control systems for any infrastructural asset;

• Sources of equipment, materials and specialist workers needed for relevant work;

• Liaison with Civil Defence/Emergency Management;

• The relevant AMP

The AMP (including any stated improvements) should be presented, approved and adopted by Council. In addition Temora Shire Council should:

• Identify how this information is conveyed to the relevant stakeholder groups

• Establish a process to document the actions taken to reduce the risks and how the implementation of these has resulted in acceptable levels of performance or risk;

• Identify the benefits to stakeholders of the lifeline system;

Register of Council Assets

Temora Shire Council should have a meaningful Asset Register or equivalent. This will enable Council to ensure the appropriate management and maintenance of assets is undertaken. Failure to do this may result in e.g. under or over insuring an asset. The Asset Register should capture the following:

• Capital expenditure

• Capital works

• Valuations

• Sales and purchases

• Contents

• Buildings/facilities

• Use of building/facilities/contents

• Change of use of buildings

• Properties the Council leases (as lessor or lessee)

Example

At times work that may be authorised as Capital Works or Expenditure may be classified under a Repair and Maintenance budget instead. If this has resulted in a change in the value of the asset then this information needs to be included in the Asset Register.

Ideally, Council will have registers which are automatically updated as and when necessary.

8. HUMAN RESOURCES

General

Managing ‘human resources’ demands a co-ordinated systematic approach. For an effective human resources programme there needs to be upper level commitment towards being a good employer. This commitment should be clearly communicated to staff on a regular basis. Council’s commitment is articulated in a Human Resources Policy that covers all legal requirements. This section outlines basic systems that may be used to achieve the desired co-ordination.

Context

Temora Shire Council produces an Annual Plan. This sets out the goals, objectives and performance indicators for the coming year. This effectively provides the ‘context’ within which Council employees operate. The Annual Plan can be a valuable ‘blueprint’ for Council to use as a basis for their employment contracts.

Identify Risks

There are two potential risks that occur with regard to Human Resources. They are failing to:

• meet the objectives of the Annual Plan

• comply with legislative requirements

Analyse and Evaluate Risks

When analysing and evaluating the human resources risks associated with the Annual Plan, Council needs to determine two things. Firstly, what the Council wants its staff to achieve, either directly or through employment contracts. This should also include a review of the staff levels required to achieve objectives. Secondly, the potential exposures associated with failing to meet the objectives of the Annual Plan due to human resource failure.

Temora Shire Council should ensure that it meets the criteria laid down in legislation relating to the employment of staff. A similar approach to the one above is suggested, where Council reviews the requirements of the legislation and the potential impacts of failing to meet those demands. The employment of staff should enable Council to meet the objectives of the Annual Plan and ultimately the ten year Financial Strategy.

Treating the Risk

Tools that may assist in Human Resource management, and therefore ‘treating the risk’, are:

• Development of Key Performance Indicators (KPIs) derived from the Annual Plan

• Job Descriptions that include KPIs

• Training; this includes Induction Training or General Orientation, Specific Orientation and ongoing training relevant to the work

• Regular reviews of staff performance against KPIs

Having analysed and evaluated the risks to the Council regarding Human Resources, it is important to put in place systems that manage the risk. Council has written policies on employment issues that establish agreed impartial procedures and accountabilities.

Example: The procedures and accountabilities should include:

• Identifying the need for new staff

• Advertising for new staff

• Appointing new staff and inducting new staff

• Carrying out a training needs analysis or Job Hazard Analysis for all jobs or groups of jobs

• Training all staff to meet the training needs analysis

• Monitoring and supervising all staff to ensure that they become or remain competent in their work

• Carrying out exit interviews

Training of staff as part of Council’s policy and procedures includes an orientation programme that is firstly organisation wide and secondly specific to the area within which the person will be operating. Included in the orientation is communication of the Human Resources Policy, and Council’s commitment towards the policy.

All staff will require a job description or similar that clearly outlines their role and responsibilities. Included in the job descriptions should be identifiable Key Performance Indicators. These may be derived from and linked to the Annual Plan. Key Performance Indicators provide a measuring tool of work practice for both the employee and Council.

Regular reviews are conducted against the KPIs. This enables staff to know at what level they are performing. If the staff member is exceeding their given KPIs, then Council has the opportunity to expand their role. Alternatively, if the staff member is under-performing, then the KPIs provide a guideline as to what is required from the staff member for practice to improve. Open communication between staff and managers regarding performance levels is maintained at all times.

Appropriate insurance cover must be in place and policies developed which enable Council to meet the requirements of the Accident Insurance Act 1998. These should aim to reduce claims occurring and, where injuries do occur, ensure they are efficiently and effectively managed.

Example: Policies and procedures for Accident Insurance should include:

• Pre-employment health screening

• Reducing occurrence of injuries

• Reporting and recording of accidents and injuries

• Injury and rehabilitation management

• Procedures in relation to non-employees

These procedures should be documented, monitored and reviewed on a regular basis.

9. MANAGEMENT OF INFORMATION

General

Information can consist of papers, computer information (databases), diskettes, microfiche and so on. The management of information within Council requires a co-ordinated approach. To ensure this co-ordinated approach there must be commitment from the top that is communicated to staff throughout the organisation.

Context

How information is used, by whom and the type of information used will help indicate the best way for Council to store, access and archive their information. The Annual Plan may indicate the objectives and goals to Council for the management of information. Legal requirements may also determine how information is to be managed.

Identify Risks

Potential exposures to Council in not having effective management and control of information can include:

• Full information not available to meet legislative requirements;

• Objectives of the Annual Plan not met;

• Failure to provide sufficient information on request;

• Storage and release of information in breach of legislation.

Analyse and Evaluate Risks

Council should analyse and evaluate the potential exposure in not having suitable controls in place for the management of information. Council should analyse what information it is required to keep and maintain and what information it is required to provide to stakeholders either on request or as a legal requirement. The demands of Council’s activities, legislation and stakeholders should be reviewed and the potential impact of failing to meet these demands evaluated.

Council needs to determine the most suitable medium for storing the information (e.g. paper, computer, or a combination of both) and the way information is stored (e.g. a centralised system, or separate systems dependent on departmental needs). For IT systems, the immediate and consequential risks to Council of a major failure mode should be analysed and the appropriate steps taken to protect the IT system.

Treating the Risk

Information Generally

Council has policies and procedures in place to ensure security of information. When developing or upgrading information management systems, Council should review its legislative and operational requirements. Wherever possible there should be a cross-referencing of information to ensure all information on, e.g., a particular site is available. All information systems should be suitably protected from potential hazards. Security controls must be appropriate to the level of criticality and sensitivity of the information.

Example: Potential hazards to information security can include:

• Fire, smoke, etc

• Volcanic, seismic activity, etc

• Water

• Dust

• Vibration

• Sabotage

• Electricity supply interference or outage

• Poor categorisation/human error

• Unauthorised access to information or systems

• Defamation e.g. inappropriate use of email

Information Technology Assets

Council should establish an inventory that identifies the components of the IT system including:

• Information assets

• Software

• Physical assets

• Services necessary for proper functioning of the IT systems

An Asset Management Plan for all IT assets identified in the asset inventory should be developed. Controls should be in place to minimise the likelihood of a system failure occurring. Where this is not possible, business continuity plans should be implemented for identified direct and indirect consequences.

Business Continuity Planning

Council should ensure there are documented procedures in place to maintain critical business operations following damage to or failure of information systems. Procedures for monitoring, reviewing and testing these procedures should also be established.

Training of staff should include details of the information management procedures and policies in place. The importance of maintaining the integrity of Council’s information systems and procedures should be made clear during orientation training and on-going training.

10. FINANCIAL RISK MANAGEMENT

General

Temora Shire Council is required to follow established guidelines for the financial management of its resources. To have an effective financial management programme Council needs to have a structural approach to ensure the legal requirements and stakeholder expectations are met.

Context

The Local Government Amendment Act specifies what a Council must do regarding financial management. This includes:

• The principles to be observed

• A structured framework for decision making

• Provision for public participation

• Requirement to explain funding mechanisms

A Council must also comply with Generally Accepted Accounting Practice (GAAP) requirements when preparing financial statements. The Council’s strategy is available for public review and comment before it is finalised. The financial strategy is therefore required to meet the expectations of stakeholders, in particular ratepayers and residents.

Identify the Risks

Potential risks that can occur with regard to financial management include:

• Legislative requirements not met

• The objectives and goals of the long term financial strategy, policies and Annual Plan are not met

• The objectives and goals of the long term financial strategy, policies and Annual Plan are inconsistent

• Inappropriate use or loss of funds e.g. fraud, theft, interest rate fluctuations

Analyse and Evaluate Risks

Temora Shire Council should ensure it is meeting the criteria for financial management as set down in legislation. A review of the relevant legislation should be carried out. When preparing and revising the financial strategy, policies and Annual Plan, Council must ensure it meets stakeholder expectations and obtains their acceptance. Council is aware of the potential exposures of not meeting the objectives and goals set down.

Temora Shire Council should identify its risk bearing capacity, i.e. its ability to absorb unforeseen costs without having to resort to generating additional cash. An assessment of such areas as current cash reserves and investments, possible deferment of capital works, level of debt etc. should be made. This should provide the Council with an indication of the amount of risk it can bear before implementing risk treatment options.

Treating the Risk

Long-term financial plans should be developed in consultation with and be agreed by the Elected Representatives. The Annual Report should include a statement by the Mayor and General Manager in accordance with the relevant section of the Local Government Act. Elected representatives should be involved in the preparation of the financial plans to ensure they reflect Council’s goals and objectives, and not just sign them off. Financial plans should be linked with the asset management plans to identify any necessary maintenance, renewal and capital expenditure and when it will be required.

Temora Shire Council should establish policies and procedures for producing the financial strategy, policies and Annual Plan to ensure legislative requirements are met. The procedure should set out the process for undertaking these to ensure time restrictions are adhered to. Responsibilities should be allocated for the various tasks undertaken so the process to be followed is understood. This should include training of staff and Councillors.

Temora Shire Council should consult and communicate with stakeholders. This should ensure acceptance by stakeholders that the Council is allocating funds appropriately and meeting their expectations. Information explaining why funding has been allocated as described in the financial strategy, policies and plans should increase stakeholder understanding and acceptance of Council’s objectives and goals.

Fraud and theft prevention procedures should be established and reviewed on a regular basis. Fraud prevention must be managed in accordance with all requirements as stated in Temora Shire Council Fraud Control Policy.

Monitoring procedures may include an Audit Committee. See Appendix 3.

APPENDIX 1

Simple Model for the Analysis and Evaluation of Risk

The risk categories in the table can be used to indicate perception of a given risk. The risk categories can then be plotted onto the chart. This is the possible severity and frequency of risk with no treatment options in place.

Refer to AS/NZS 4360: 2004 Risk Management and AS/NZS 3931 Risk Analysis of Technological Systems – Application and Guide for a more detailed discussion on the analysis and evaluation of risk.

APPENDIX 2

Suggested Risk Management Structure Within a Council

An example of where the Risk Management Committee or equivalent might be placed within a Council structure is shown in the following diagram. This should be modified as required for individual Councils.

[Diagram: Council structure chart with the boxes Elected Representative; Audit Committee Including Councillors; General Manager; Corporate Services Director; Risk Management Committee or Equivalent; Heads of Department; Outside Risk Consultants; Insurance Officer]

Functions of the Risk Management Committee

The functions of a Risk Management Committee may include all or some of the following:

• Development of Risk Profile

• Development of “Risk Management Route Map”

• Development of contracts with specialist Risk Management service providers

• Receiving and discussing reports from those suppliers

• Seeking comment on those reports from appropriate departments

• Providing reports to the Audit Committee on the outcome of Risk Management activities

• Co-ordinating initiatives for the avoidance or control of risks

APPENDIX 3

Suggested Functions of an Audit Committee for Council

An Audit Committee or sub-committee may be established to provide a strategic monitoring role within a Council. It should form part of the overall corporate governance strategies of a Council. Membership of the Committee might be drawn from senior elected members, senior managers and the external auditor. The Audit Committee should have the explicit authority to carry out an investigation of any matters within its terms of reference, access to necessary resources to do so and full access to information.

Functions of the Audit Committee may include the following:

• Review of the financial statements

• Discussions with the external auditor on the review and problems arising from the review

• Liaison with the internal and external auditors

• Review the timetable for preparing the annual financial statements and recommending their approval

• Considering accounting procedures

• Keeping under review the Risk Management programme within the Council

• Ensuring that there are proper internal review and Risk Management strategies in place

• Approval of Risk Management programmes covering the next three years on a rolling programme

• Receiving reports from the Risk Management Committee on the outcome of activities and comparison of those reports with the programme

APPENDIX 4

Examples of Risk Transfer Options for Councils

As part of the Business Continuity Planning process a Council should define post loss objectives for each of the major assets and liabilities. Those objectives are used to decide when and how to arrange post loss finance. Each treatment option may include provision for risk finance.

Example:

• Insurance (replacement, indemnity or other)

• Reserves, funded and allocated

• Reserves, general

• Mutual schemes

• Line of credit

The risk finance plans should be regularly reviewed to ensure the following are known and acceptable:

• any double coverage or insurance

• any inadequate cover or under-insurance

Other forms of risk transfer may include:

• Contractual transfer e.g. leases, surety agreements, guarantees, waivers

• Leasing arrangements

RESOURCES

Quality Manual Corporate OHS & R Management Plan OHS & R Management Plan RTA Quarry Safety Management Plan Human Resources Policy Manual Local Emergency Plan Management Manual Safe Work Method Statement Job Safety Analysis Risk Assessments OHS & R Committee Footpath Inspection Policy Road Inspection Policy Staff Meetings Inductions Staff Training & Policy TAFE NSW Work Cover Department Mineral Resources RTA Statewide CASA Local Government Association Internet Internal Auditing Australian Standards EPA IPWEA Disaster Recovery and Business Continuity Plan Road Hierarchy Plan Gathering Information Policy Fraud Control Policy