Risk Management Policy

Version 4.0

Purpose and Intent

The purpose of this policy is to clearly document the organisation’s commitment to risk management principles to:

  • Increase the likelihood of achieving objectives,
  • Encourage proactive management,
  • Establish a reliable basis for decision making and planning,
  • Improve operational effectiveness and efficiency and improve organisational resilience,
  • Enhance health and safety performance as well as environmental protection,
  • Improve the identification of opportunities and threats,
  • Improve financial reporting and governance,
  • Comply with relevant legal and regulatory requirements.

Council has a Common Law duty of care and statutory responsibilities to ensure that risk management is incorporated in all aspects of its business. The relevant standard is AS/NZS ISO 31000:2018 Risk Management – Principles and Guidelines.

Risk Management is not a stand-alone function that is separate from the main activities and processes of the organisation. It is an integral part of all organisational processes, including strategic planning, project and change management processes.


The policy is applicable to all Council employees, operations, functions and programs. This includes any activities undertaken on behalf of the Council, by contractors or representatives of Council.


Key term



means Casey City Council, being a body corporate constituted as a municipal Council under the Local Government Act 1989


means the individuals holding the office of a member of Casey City Council

Council officer

means the Chief Executive Officer and staff of Council appointed by the Chief Executive Officer.


A risk is defined as the effect of uncertainty on objectives.

Risk Management

Coordinated activities to direct and control an organisation with regard to risk.

Risk Management Framework

The set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.



The City of Casey is actively committed to:

  • Ensuring that all decision making within the organisation involves the consideration of risk and the application of risk management to some appropriate degree,
  • Ensuring that the risk management process is integrated into the business processes of the organisation,
  • Assigning accountabilities and responsibilities at appropriate levels within the organisation,
  • Ensuring that the necessary resources are allocated to risk management,
  • Ensuring that the framework for managing risk continues to remain appropriate,
  • Protecting the organisation, its employees, contractors, assets and the community against reasonably foreseeable loss and injury, and
  • Ensuring legal and regulatory compliance.

In accordance with its common law duty of care, statutory responsibilities and Council policy, the Council will make certain that resources are allocated to:

  • Maintain staff health and safety,
  • Maintain Council’s assets,
  • Ensure continuity of service,
  • Reduce Council’s liability and minimise or eliminate other circumstances which may cause a loss to Council, and
  • Assign sufficient funds in the budget to maintain a pro-active approach to risk management.

The City of Casey recognises that risk management is essential for sound strategic and financial planning and ongoing business.

Fundamental to risk management are the following objectives:

  • To improve the identification of opportunities and threats,
  • To identify and analyse the organisation’s liability associated with risk exposure,
  • To protect staff, contractors and the community against personal, physical and financial losses that are within the control of the City of Casey,
  • To protect the corporate image as a professional, responsible and ethical organisation,
  • To recognise that risk management is the responsibility of all managers and staff,
  • To promote and support risk management practices throughout the organisation,
  • To monitor the risk management practices of the organisation to ensure continued effectiveness, consistency and efficiency,
  • To adopt risk management processes as set out in the Australian/International Standard for Risk Management (AS/NZS ISO 31000:2018) and other relevant guidelines and standards.


Regular reporting is required to monitor the effectiveness of the risk management process. Reports will be provided to Council and the Audit and Risk Committee twice yearly and to the Executive Leadership Team quarterly. 


All employees and service providers are responsible for effective risk management practices and ensuring that managers are informed of risks associated with the organisation’s operations. Each manager is accountable for implementing this plan in their area of responsibility.

Specifically, this means the responsibility for the management of risk can be described as follows:



Audit and Risk Committee

The Audit and Risk Committee will:

  • Monitor, review and advise the Council on the standard of its risk management,
  • Make assessments and recommendations in relation to risk management and measure and evaluate the effectiveness by reviewing Casey’s activities,
  • Endorse and monitor a comprehensive risk based cyclical strategic audit plan.


The Council will review the Risk Management Policy and amend as required and provide adequate budgetary provision for risk management strategies to be implemented.

Chief Executive Officer (CEO)

The Chief Executive has the ultimate responsibility for ensuring that Risk Management is managed across the Council.


Directors are responsible for their Division’s risk management performance, including:

  • Ensuring any strategic risks allocated to their division are actioned, monitored and reported on
  • Ensuring operational risk management plans that identify, assess and manage key risks within their Divisions are developed and implemented.
  • Ensuring appropriate resources are made available to complete actions and achieve targets.
  • Reporting to the Audit & Risk Committee on an annual basis on their divisional risk profile
  • Notification of very high risks including treatment options to the CEO and Director Corporate Services.

Director Corporate Services

The Director Corporate Services is the senior executive responsible for establishing and facilitating a risk management framework, strategy and corporate program.

Employees/ Contractors

Expectations of employees and contractors are to:

  • Perform duties in a manner which is within an acceptable level of risk to their own health and safety, other employees, Council’s customers or the community in general.
  • Immediately report risk exposures and losses to supervisors and where possible act to minimise any further loss.
  • Be aware of the risk management philosophy and processes in the organisation.
  • Be responsible for effective risk management practices and ensuring that managers are informed of risks associated with the organisation’s activities.

Executive Leadership Team (ELT)

The Executive Leadership Team is responsible for:

  • Monitoring quarterly reports from the Risk Management Coordinator which include the operational and strategic risk register actions, insurance claims and trends
  • Providing leadership and being the driving force to the processes underpinning the Risk Management Framework.
  • Maintaining a risk aware and intelligent workforce.
  • Acting as the Risk Management Committee


Managers are responsible for the:

  • Development of annual operational risk management plans in conjunction with the annual business planning process.
  • Preparation and implementation of actions for each aspect of operational risk.
  • Monitoring and regular reporting of the Departmental Risk Management Plan action plans to ensure actions are appropriate, effective and timely having regard to current conditions and practice.
  • Encouragement and reinforcement of positive risk management behaviors.
  • Ensuring that staff attend adequate training on a regular basis.
  • Monthly reporting and review of very high- and high-risk mitigation strategies using Interplan.
  • Regular reviewing of departmental risk registers in line with organisational standards.

Manager Governance

Manager Governance is responsible for:

  • Assisting the Director Corporate Services in establishing and facilitating the risk management framework, strategy and corporate program through the organisation and in ensuring that the Risk Management Coordinator undertakes the listed responsibilities.
  • Providing reports to Council and senior management on all insurance claims, implementation of the Strategic Risk Management Plan and any risks.

Risk Management Coordinator

Risk Management Coordinator is responsible for:

  • Recommending and assisting Council, the Chief Executive Officer, Directors and Managers in implementing prevention and loss control programs and maintenance of records.
  • Developing and maintaining the corporate risk registers.
  • Providing risk management and insurance related information as requested.
  • Providing staff with continued access to adequate training in risk management.
  • Providing regular reports to Council, the Audit & Risk Committee, the Executive Leadership Team and others as required.


Breaches of this policy may result in action being taken in accordance with Council’s Disciplinary Code and may result in termination of employment.

Relevant Forms


Document History

Date approved | Change Type | Next Review Date
16 July 2019 | Transfer to new template | 31 July 2023
19 March 2018 | | 31 March 2022