How NSW local governments can get ready for the upcoming changes to risk management and internal audit framework requirements.
By March 2021, NSW Councils will be required by the NSW Government to have an Audit, Risk and Improvement Committee (ARIC). With the requirement only a few months away, now is the time to ensure NSW local government entities have a good Governance, Risk and Compliance (GRC) system in place.
What is good governance?
Risk identification and reporting is an essential feature of good governance. It allows the organisation, Executive Team and Management as well as staff to focus attention and resources to those areas which really matter most.
A 2019 report from the NSW Auditor General found that Councils could do more to be better prepared for the new accounting standards, strengthen their asset management practices, and improve their information technology controls as well as cyber security management.
Good governance systems should not only help manage the organisation’s performance, but also help prepare Council for their regulatory requirements and internal Council audits.
Your risk management checklist
Risks are often embedded in business processes and are inherently unavoidable. Taking control of informed risks is part of good business practice, and allows for risks to be identified, analysed, evaluated and treated.
When it comes to risk management, most organisations need to report against two key areas of stakeholder interest:
- Strategic objectives of the organisation,
- Compliance of the organisation
Here's a simple checklist to consider if you are thinking of implementing an Enterprise Risk Management (ERM) system:
- Does the system provide a logical risk management approach with a view to identify, track and report business critical risk exposures, giving full recognition to the organisation’s stated risk appetite through an assured pathway?
- Does the system provide the organisation with a structured and systematic approach to the management of risks and their impact on the achievement of organisational objectives?
Take an organisation-wide approach to audit
Truth occurs when checks and balances are approved, registered and recorded. A strong audit management system holds the organisation's entire audit registers and generates reports easily.
Such systems are a must for executive scrutiny, freedom of information requests (legislated under the GIPA Act in Australia and the LGOIMA in New Zealand) and statutory reporting. They ensure any organisation can be reviewed and audited internally or externally with confidence.
Staff within the organisation work within their boundaries and responsibilities and are reviewed accordingly, but who is reviewing the organisation itself? The Pulse Governance solution provides for the individual activities to be rolled up and reported to demonstrate the organisation’s operational compliance to legislation and statutory requirements with due process maintained.
Managing delegation and policies
A Delegations & Policies Register helps electronically manage Council’s delegations, meet Council reporting requirements, and promote a process for the ongoing management of all Council’s delegations “day in day out”.
The Register is not just a functional system, it is also part of Council’s risk minimisation strategy. It provides continuity of processes regardless of key staff movements and full transparency of each Council delegation. Check that your system ensures delegations are assigned to a position and are managed individually. The Pulse Delegation Solution provides a simple staff dashboard and enables a series of email alerts and workflows to maintain proper due process.
How to report, investigate, and close an incident
When selecting a system to support audit requirements, it is important to have a focused approach to managing incidents. This allows Council to report, investigate, manage, and close out all safety incidents.
Ensure your system uses industry-recognised forms and methodology for the management of incident reporting, near miss reporting and injury reporting, incident investigations as well as the ability to notify personnel when incidents have been reported and comprehensive reporting.
The Pulse Incident Management Module allows for functionality as well as for configurable forms and workflows for incident reporting and investigations. The Pulse solution also integrates with HR, Finance, and other business systems.
Manage your contractor workforce
Council’s traditionally employ a complex workforce including contractors covering various functions. Since regulatory requirements extend to Council's entire workforce, it is critical to onboard and offboard contractors, manage their accreditations, and ensure Council policies and procedures are acknowledged when and where required.
Look for a system that allows Council to conduct contractor inductions and training to ensure the contractor workforce complies and is ready from day one. The Pulse solution includes e-learning, comprehensive contractor insurance management, system requests, approvals, and the management of contractor safety and procedure documentation, such as:
- Contractor safety reporting via a single click - including the ability to report hazards and incidents
- Contractor work approvals, Job Safety Analysis (JSA), Safe Work Method (SWM) Statements, and Risk Assessment approvals