Central
Otago District Council
Strategic Risk Register Version 1
|
Risk Exposure
|
Residual
Risk Assessment
|
Business
Improvement
|
|
Risk
CONTEXT/THEME
|
Risk #
|
Consequence
|
Likelihood
|
Risk
Rating (INHERENT)
|
Risk
Description
‒ Use
draft statements as prompts for identifying risk exposure
‒ Add,
amend or remove risks as required to accurately cover the business activity
|
Risk
Controls
‒ What
is in place (working) and what are areas of 'uncertainty' (not working)?
‒ What
are the current controls = e.g. policies / procedures / R&R / systems /
processes
‒ What
assurance is in place = e.g. how do you monitor risk / review / audit / key
indicators
|
Consequence
|
Likelihood
|
Risk
Rating (RESIDUAL)
|
Risk
Exposure
(% indicative)
|
Risk
Management Plan/mitigation strategies and Business Improvement
- How can / should the risk exposure be treated, managed
or controlled?
- What improvement activities are underway or planned to reduce the
risk?
|
Effectiveness
of
CURRENT
Control
|
Risk
Owner
|
Review
Date
|
Environmental Considerations
|
1
|
3 Moderate
|
3 Possible
|
MEDIUM
|
Climate change - Failure to deliver on
climate change initiatives and/or manage weather events, which could impact
infrastructure assets, services and the community
|
Initiatives
outlined throughout Council’s Sustainability Strategy
Council fleet – low emission vehicles, hybrid and electric cars
Business Continuity Planning
Adequate resourcing
Carbon emissions measurement and reduction programme
Infrastructure resilience plan
Hazard management through the RMA
Climate change implications study
Participate in ORC initiatives
Support from and member of Regional Centre
Funding initiatives through LTP – to improve carbon reduction
Long Term Plan and Infrastructure Strategy includes climate change
consideration
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
2
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Local natural environment and biodiversity -
Failure to develop, implement and effectively resource environmental policy
and operational controls.
|
Software monitoring
external consents
Sustainability strategy
Compliance monitoring
Administering the District Plan and meeting the RMA
Skilled and qualified employees
Prioritise and fund
projects to reduce environmental damage from Council activities
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
Statutory & Regulatory Reform and Compliance
|
3
|
3
Moderate
|
2
Unlikely
|
MEDIUM
|
Liability from not meeting compliance and regulatory standards - The
organisation is unable to appropriately deliver statutory and regulatory
obligations.
|
Adhering to
policies and procedures
Reporting processes
Audits
Skilled and qualified employees
Training
Engaging appropriate and qualified external consultants to support work
programmes
Environmental scans
Project planning
Insurance
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
4
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Significant
statutory reform and compliance - Growing volume and complexity
of demand across services increases risk of failure to meet statutory
requirements.
|
Intentional
participation by key staff and EM in the sector reform programme
Proactive engagement with partner agencies
Community consultation
Business continuity planning
Council processes and policies ensure regulatory standards are communicated
and met
Reporting, ensuring ongoing monitoring and compliance
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3 Partially
Effective
|
|
|
Internal
Operational Environment
|
5
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Fraud, bribery and corruption - Risk of
fraud, bribery or wrong doing.
|
Council Processes
and Policies
Fraud awareness training
Mechanisms for reporting Fraud
Electronic Purchase Order System implemented
Internal and external audits
Financial reporting
Gift and hospitality register
Conflict of interest register
Internal top-down messaging
Audit
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
6
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Service
delivery & fit for purpose community assets / asset management - Failure to
understand community needs, effectively deliver, manage and maintain Council
owned assets and align service delivery to meet requirements.
|
Adhering to Long
Term and Annual Plans
Engagement with the community
Community Board involvement
Reporting against results
Advanced procurement models for longer term maintenance contracts
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
7
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Succession
and resource challenges - Failure to provide adequately skilled and experienced
resource and succession planning.
|
Offer
apprenticeship/cadet positions
Provision of training and support
Development of recruitment and retention strategies
Policies and processes in place
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
8
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Culture - Failure to maintain good
workplace culture.
|
Ongoing development
of Council processes and policies
Staff engagement survey
Staff Support initiatives (i.e. EAP, flu shots)
Values
1:1 meetings
Fair pay
Workload management
Development opportunities
Ongoing coaching and support for leaders and managers
Opportunities for social connections
Flexible working arrangements
Effective allocation of resources
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
9
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Financial management - Poor financial governance or
lack of financial planning and management.
|
Council policies
and processes
Financial and work planning
Financial Strategy
Training
Forecasting
Transparent financial reporting
Audits
Quality data informing decisions and reporting
Governance and Executive oversight
Segregation of duties
Financial authority delegations
Pre-employment checks
Conversations and
communication around risk areas
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
10
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Information management practice and technology risk - Poor
management and practice.
|
Cyber Security
system
Awareness of technological advancements within the varying sectors
Information services policies and processes
Regular targeted training
Audit
IS BCP
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
11
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Treaty of Waitangi obligations - Ineffective relations
with local Iwi and failure to meet legislative requirements.
|
Continuing to look
for opportunities with local Iwi
Consult through relevant consenting policy and other projects
Te Reo training – cultural competency
Relationship
agreement with Aukaha negotiated and agreed for inclusion in the 2022/23
Annual Plan
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
12
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Major event impacting on operational delivery -
Significant unplanned events.
|
Training on
Emergency Management processes and procedures
Appropriate contingency plans and Risk Identification
Coordination with Civil Defence Emergency Management Otago and other regional
councils
Contractual relationships enabling response
Asset and service monitoring capability
Infrastructure Strategy has been produced, part of which outlines significant
challenges, risks and their mitigations
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
13
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Operational and project delivery - Poor
planning and decision making.
|
Project Management
framework
Development around project management specialist capabilities
Focus on embedding Project Planning
Appropriate contingency plans
Staff training and development around legislation and practice
Quality management systems
Audits
Identify capacity and resource needs
Project governance group
Project advisory group
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
14
|
3
Moderate
|
3
Possible
|
MEDIUM
|
Health, safety and wellbeing - Failure
to meet health and safety obligations, leading to increased incidents
impacting on the safety of employees and stakeholders.
|
Culture
SiteWise requirement for suppliers and evaluation of contractor and culture
Health, Safety and Wellbeing
Ongoing development and review of Health, Safety and Wellbeing Framework and
policies
Staff training and induction
Health, Safety and Wellbeing committee and representatives in place
Task level inspections, observations and checklists
Health, Safety and Wellbeing function performance management
|
3
Moderate
|
3
Possible
|
MEDIUM
|
60%
|
|
3
Partially Effective
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Key
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Critical
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
High
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Medium
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Low
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|