Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
NATIONAL
COMPETITION
COUNCIL
Risk Management Plan
2020
National Competition Council Policy
Document
May 2020
NCC Risk Management Plan 2020
Page 2
1 INTRODUCTION
1.1 What is risk management?
Risk management is the culture, processes and structures that are directed towards taking
advantage of potential opportunities while managing potential adverse effects. The purpose is
to achieve an appropriate balance between realising potential opportunities and minimising
adverse effects. This requires systematically managing activities that involve a material
degree of risk of loss or other damage to the Commonwealth.
The National Competition Council (Council) has developed this document to deliver its
obligations under the Public Governance Performance and Accountability Act 2013 (PGPA Act).
In particular, this document assists the Accountable Authority to meet its obligations under
section 16 of the PGPA Act. Section 16 of the PGPA Act provides that, effective from 1 July
2014, accountable authorities of all Commonwealth entities must establish and maintain
appropriate systems of risk oversight, management and internal control for their respective
entities. This document has been developed in accordance with the Commonwealth Risk
Management Policy 2014. In accordance with the PGPA requirements, the Council regularly
reviews its Risk Management Plan. The Council’s Risk Management Plan explicitly
acknowledges the requirement for the Executive Director and staff providing secretariat
services to the Council to promote the efficient, effective and ethical use of Commonwealth
resources.
The Council recognises the importance of properly identifying and treating the risks associated
with its functions and activities. In particular, a productive, innovative and efficient agency
requires a careful approach to managing risks and to assessing risk management.
This Risk Management Plan includes appendices as follows.
Appendix A contains the Council’s Risk Management Policy Statement.
Appendix B details the manner in which the Council has assessed its level of risk.
Table 2 of this appendix sets out the risks facing the Council and assesses the threats
to the Council in 2020 and beyond based on judgments about the likelihood and
consequences of each risk.
Appendix C contains the Council’s Risk Management Register and Work Plan for
2020-21. The appendix analyses and prioritises the risks identified in Appendix B to
determine required management actions. The register and work plan includes action
dates for the implementation of risk management strategies.
Appendix D summarises staff roles and responsibilities in relation to risk
management.
Appendix E summarises the Council’s business continuity arrangements.
1.2 Objectives of risk management
Losses relating to functions and activities can emanate from internal and external sources.
Losses can arise from client dissatisfaction, adverse publicity, poorly performing executive and
ACCC staff undertaking Council work, equipment or computer failure, legal and contractual
NCC Risk Management Plan 2020
Page 3
matters and fraud.
It is not possible to have a totally risk free environment. The Council must assess what
constitutes an acceptable level of risk against judgments about the costs and benefits of
particular courses of action.
The Council’s objectives in adopting a risk management plan are to:
ensure that the major risks faced by the Council are identified, understood and
appropriately managed
ensure that the Council’s planning and operational processes focus on areas where
risk management is needed, and
create an environment where Councillors, the Executive Director and staff utilised at
the ACCC take responsibility for identifying and managing risk.
2 BENEFICIAL OUTCOMES
2.1 Why have risk management?
Risk management is an integral part of business planning. Appropriate risk management
policies and practices minimise the Council’s exposure to the consequences of adverse events.
Such events may include:
an inability to meet stakeholder requirements
provision of incorrect information or inadequate advice to a government minister
and consequent failure of policy to achieve its objectives
injury to Councillors
a potential or actual financial loss to the Australian Government
damage to or destruction of or loss of Australian Government property
organisational and political embarrassment
loss of professional reputation
changes to government(s) policy affecting the functions, workload and integrity of
the Council, and
an audit or legal problem.
The risk management process comprises the systematic application of management policies
and appropriate written procedures and practices to identify, analyse, evaluate, monitor and
minimise risk.
2.2 Benefits of a risk management plan
Implementation of an integrated and rigorous approach to risk management:
increases the chances of avoiding costly and unacceptable outcomes, particularly
those arising from unexpected events
provides a better understanding of Council issues and functions and supports
continuous improvement in the Council’s operations
allows the Council to better contribute to the development of regulation and policy
relating to third party access;
NCC Risk Management Plan 2020
Page 4
helps maintain morale of Councillors and ACCC staff utilised to do work for the
Council
provides a reporting framework to assist with meeting corporate governance
requirements, and
allows for more structured and accountable business planning and project
management.
3 RISK MANAGEMENT POLICY AND PROCESS
3.1 The Council’s risk environment
The Council’s Risk Management Plan is framed in light of the initiatives and objectives as set out
in its Corporate Plan 2019-2020. The Risk Management Plan takes into account the Council’s
size and the nature of its operations. The Council is a small, non-commercial, government
agency that is financially dependent on a Parliamentary appropriation. The Council helped
deliver the National Competition Policy (NCP) reform program Australian governments
committed to in 1995 until the conclusion of the NCP in 2005-06, and now advises government
ministers concerning third party access to the services of national monopoly infrastructure. In
doing so, the Council advises governments and ministers (Commonwealth, state and territory),
makes some (limited) decisions and consults with a range of external stakeholders.
From 1 July 2014 the Council entered into a Memorandum of Understanding (MOU) with the
Australian Competition and Consumer Commission (ACCC), whereby the ACCC provides
secretariat services to the Council. Hence, rather than directly engaging staff (and other
resources), the Council draws on ACCC staff and resources when required. The new
arrangements are structured so as to maintain the Council’s independence, whilst enabling the
Council to provide high quality and timely recommendations in response to access-related
applications. The ACCC has its own Risk Management Policies, Procedures and Guidelines which
are applicable to its staff, including when they are undertaking Council work. The Council and
the ACCC have also put in place a Conflict of Interest Protocol, and Confidential Information
Protocol, for ACCC staff working on Council matters.
3.2 Risk identification and treatment
The Council faces risks that may affect:
its reputation, and/or that of its Councillors and/or stakeholders in regard to quality
of the information, advice and recommendations it provides
its performance against strategic priorities, such as the achievement of legislated
milestones, and
the integrity of its decisions and processes.
As well as the strategic and performance-related risks inherent in its work, the Council also
enters into contracts of a commercial nature. This may create additional financial and
commercial risks.
For each category of risks it faces, the Council has assessed the likelihood and potential
consequences of an adverse event, prioritised each category of risk according to the level
NCC Risk Management Plan 2020
Page 5
of threat facing the Council and determined its risk appetite. The Council has then determined
strategies for managing risks, devoting greatest resources to the risks considered to present a
severe, substantial or major threat. (Appendix B identifies the potential risks facing the Council
and assesses and prioritises the level of threat posed by each risk. Appendix C provides a
Work Plan for managing the identified risks.)
Under the MOU, the ACCC provides a range of services to the Council. This arrangement gives
rise to some risks that are shared between the entities (e.g. the provision of IT equipment and
payroll/accounting services). These risks are mitigated and managed through the risk
management frameworks, policies and strategies implemented by the ACCC. Furthermore, the
annual testing of ACCC/AER business continuity planning specifically includes considerations of
potential impact arising from an ACCC/AER business event to the Council; and should such
impact eventuate, the ACCC will notify the Council and/or the Council’s Audit Committee.
3.3 Risk Management Plan
Accountable authority responsibilities
The accountable authority of the Council is responsible for an entity’s performance in managing
risk. The accountable authority defines who is responsible for determining an entity’s appetite
and tolerance for risk and allocates responsibility for implementing the entity’s risk
management framework. The responsibility for the day-to-day management of risk lies with
staff at all levels.
Staff responsibilities
All ACCC staff working on Council matters are expected to contribute to minimising risks.
The Executive Director is responsible for ensuring that the risk management
processes and controls identified in the Work Plan are built into the strategic and
business planning of the Council.
The Executive Director is responsible for coordinating the implementation of the
Risk Management Plan and reporting to the Council in a timely and effective
manner.
The Executive Director is responsible for overseeing the implementation of
processes relevant to the Council’s work, including ensuring that ACCC staff working
on Council matters understand the Risk Management Plan and implement endorsed
processes.
The Council’s Audit Committee provides general direction on the scope and implementation of
the Risk Management Plan. The Audit Committee considers the Council’s performance against
the plan and reviews the Council’s risk management arrangements every two years.
(Appendix D summarises staff roles and responsibilities in relation to risk management.)
4 OUTCOMES
4.1 Deliverables
The key deliverables in the Risk Management Plan are the management actions identified in the
NCC Risk Management Plan 2020
Page 6
Work Plan (see appendix C).
To ensure effective achievement of the deliverables, the Council:
has educated staff it utilises from the ACCC on its risk management procedures and
trains additional contractors as appropriate
monitors performance against its work plan
monitors the risks associated with contractors and clients, and ensures that
management of risks is appropriately considered in contracts
incorporates consideration of risk management performance into the performance
assessment of the Executive Director
considers performance against the Risk Management Plan annually
includes risk management, code of conduct and fraud control awareness in
induction material for ACCC staff undertaking Council work, and
ensures the Risk Management Plan, any changes to the plan, and related
information are provided to ACCC staff that undertake Council work, and that the
plan is published on the Council’s website and ACCC intranet.
4.2 Financial implications
The costs of implementing the Risk Management Plan are predominantly ACCC staff time,
particularly that of the Executive Director. Given its small size, narrow set of functions and
relatively low risk environment, the Council does not allocate funding explicitly for risk
management activities.
There is expected to be a net benefit from the operation of the plan, arising from lower
costs from reduced:
staff time lost as a result of adverse events
litigation costs, and
insurance premiums.
There will, of course, be other gains such as benefits from the provision of better advice and
information to governments and other key stakeholders and improved morale.
5. REVIEW
The Audit Committee reviews the Risk Management Plan every two years. The next review will
occur at the first meeting of the Audit Committee in 2022.
NCC Risk Management Plan 2020
Page 7
Appendix A Risk Management Policy Statement
1. The Council is committed to the management of risks to protect:
the governments it advises
its other stakeholders
its quality of service
its assets and intellectual property
its contractual and statutory obligations, and
its image and reputation.
2. Risk management is a key part of improving the Council’s business and services. The Council’s aim is to achieve best practice in managing all risks.
3. Risk management standards involving risk identification and risk evaluation linked to
practical and cost-effective risk control measures are in place and are regularly reviewed.
4. Risk management is a continuous process demanding awareness and proactive measures
by all the ACCC employees who perform Council work and outsourced service providers to
reduce the occurrence and impact of risk events.
5. The Council’s Risk Management Plan assists the Executive Director and ACCC staff who
perform Council work to apply appropriate risk management arrangements and to develop
skills in dealing with and understanding risk management. The nine elements of the
program are:
Development of a risk management policy
Establishing a risk management framework
Defining responsibility for managing risk within the Council
Embedding systematic risk management into the Council’s processes, ie,
assessment and prioritisation of the risks facing the Council
Supporting the development of a positive risk culture
Consulting and reporting on risk management policy and any issues
Implementing arrangements to understand and manage shared risk, ie,
educating and training in risk management of ACCC staff who perform Council
work.
Maintaining risk management capability, and
Reviewing and continuously improving the management of risk
NCC Risk Management Plan 2020
Page 8
Appendix B Threats posed to the Council
Introduction
This appendix identifies the risks facing the Council and prioritises them on the basis of the
potential overall threat that each risk poses to the Council in the period 2020 and beyond.
Assessing the threat posed to the Council
The Council has estimated the potential threat posed by each category of risk on the basis of
the likelihood of occurrence of the risk (frequency or probability) and the expected
consequence (impact or magnitude). The basis for the Council’s assessment of potential
threats is set out in Table 1.
Table 1 Level of threat posed by risks: likelihood of occurrence and consequences of risks
Likelihood
Consequences
Extreme Substantial Medium Minor Negligible
Almost certain severe severe high major significant
Likely severe high major significant moderate
Possible high major significant moderate low
Unlikely major significant moderate low very low
Rare significant moderate low very low very low
Examples of the level of threat
1 - Severe: consequences would threaten the survival of the Council
2 - High: consequences are significant for the effectiveness, operations and reputation of
the Council, but are unlikely to threaten the survival of the Council
3 - Major: consequences are signif icant for particular programs and operations and
threaten continuation of those programs or impair their effective undertaking
4 - Significant: consequences adversely affect particular programs and operations and the
effectiveness of the Council
5 - Moderate: consequences may affect effectiveness of particular programs and
operations
6 - Low: minor consequences for the Council and/or particular programs and operations
7 - Very low: negligible consequences for the Council and/or particular programs and
operations
NCC Risk Management Plan 2020
Page 9
What is an acceptable risk?
Determining that a risk is acceptable does not imply that the risk is insignificant. A risk may be
considered to be acceptable because:
the threat posed is assessed to be so low (for example because the likelihood of
occurrence is rare) that specific treatment is not necessary
the risk is such that the Council has no available treatment, for example, the risk of a
change to a particular project might occur following a change of government
the cost of treating the risk is so high compared to the benefit from successful
treatment, or
the opportunities presented outweigh the threats to such an extent that the risk is
justified.
The Council is willing to accept significant, moderate, low or very low risks, and through the Executive Director and/or the President will act to monitor and manage severe, high or major risks. The Council has determined its risk appetite and associated management/treatment actions for each level of risks, as set out in the section below.
Treatment of risks
Treatment involves deciding what management measures need to be put in place to minimise
the threat posed by identified risks. Treatment options include:
measures aimed at avoiding or minimising the risk
measures to reduce the threat posed by the risk, either by reducing the likelihood of
the risk and/or its consequences
measures aimed at improving the capacity of the Council and the ACCC staff who
perform Council work to deal with actualised threats
transferring the threat by shifting the risk to another party via, for example,
contracting out or insurance, and
accepting the risk without taking any action to avoid it, but monitoring the risk and
ensuring that the Council has the financial and other capacities to cover associated
losses and disruptions.
Risk appetite and strategic approach to managing each level of threat
No. Level of threat Appetite Responsible officer(s) and action
1 Severe No appetite Executive Director to develop a detailed management plan; specific management by the President and the Executive Director
2 High Low appetite Executive Director to develop a detailed management plan; specific management by the President and the Executive Director
3 Major Moderate appetite
Ongoing monitoring and management action by the Executive Director
4 Significant Moderate appetite
Ongoing monitoring by relevant ACCC staff with action as necessary
NCC Risk Management Plan 2020
Page 10
5 Moderate Moderate appetite
Ongoing monitoring by relevant ACCC staff with action as necessary
6 Low High appetite Ongoing monitoring by relevant ACCC staff with action as necessary
7 Very low High appetite No action generally required
Risk register
Table 2 provides a register of the level of threat to the Council in the period 2020-21 from
identified, unmitigated risks.
Page 10
NCC Risk Management Plan 2020
Table 2 Register of unmitigated risks and assessment of threat 2020-21
Threat Description of the risk Likelihood of
occurrence
Consequences of
occurrence
Assessed threat to the
Council
1 Political, funding or regulatory function changes that affect the Council Possible Extreme High (2)
2 Inability to maintain a quorate Council comprising appropriately qualified non-
conflicted Councillors
Possible Substantial Major (3)
3 Incorrect or poorly reasoned advice or information to the Treasurer, governments or
other stakeholders
Possible Substantial Major (3)
4 Litigation against the Council arising from incorrect or poorly reasoned advice or
process
Possible Substantial Major (3)
5 Damage to credibility from overturn of a recommendation Possible Substantial Major (3)
6 Inability to fund significant litigation Unlikely Substantial Significant (4)
7 Essential information lost, including information that is the property of external
parties
Rare Extreme Significant (4)
8 Secretariat arrangements with ACCC fail to support the Council’s independence,
including through actual or perceived conflicts of interest with the Council
Possible Substantial Significant (4)
9 Financial loss, including due to fraud against the Commonwealth Unlikely Substantial Significant (4)
10 Failure of contractors to fully comply with their contract obligations Unlikely Medium Moderate(5)
11 Failure to meet reporting deadlines Possible Medium Significant (4)
12 Inability to secure suitable personnel to perform secretariat services Unlikely Substantial Significant (4)
13 Lack of access to or failure of ACCC’s IT and communications systems /equipment and support that the Council relies upon
Possible
Medium Moderate (5)
14 Improper disclosure of information, including emails to Councillors Rare Substantial Moderate (5)
15 Councillor injury or illness due to workplace causes including official travel (work
health and safety matters)
Rare Medium Low (6)
Page 11
NCC Risk Management Plan 2020
Threat Description of the risk Likelihood of
occurrence
Consequences of
occurrence
Assessed threat to the
Council
16 Councillor illness due to exposure to COVID-19 while on official duties Rare Medium Low (6)
Page 12
NCC Risk Management Plan 2020
Appendix C Risk Management Action Plan 2020-21
Table 3 describes the risk management treatments (actions) to be implemented and the residual risk rating after treatment.
The Council is comfortable with the residual level of risk once the risk mitigation actions have been implemented.
Table 3 Risk Management Action Plan 2020-21
Risk Description of the risk Assessment of the threat posed
by the unmitigated risk
Risk mitigation action Timing of management
action
Assessment of the threat
posed after risk mitigation
action 1 Political, funding or
regulatory function changes that affect the Council
High (2) 1. Contact with Commonwealth ministers and ministers from other jurisdictions and their advisors to explain access issues under Part IIIA and the National Gas Law
2. Contact with Treasury and other agencies to monitor potential changes in policy and legislation
3. Council participation where possible at senior level, in external processes covering areas of work that are relevant to the Council
All controls in place.
This risk is largely
outside Council’s control.
High (2)
2 Inability to maintain a quorate Council comprising appropriately qualified non-conflicted Councillors
Major (3) 1. Ministers and Treasury kept aware of their responsibilities on Councillor appointments
2. Three Councillors appointed at all times 3. Liaise with Treasury to outline the value of having a fourth Councillor
All controls in place
Significant (4)
3 Incorrect or poorly reasoned advice or information to the Treasurer, governments or other stakeholders
Major (3)
1. ACCC staff conducting Council work are appropriately supervised and monitored
2. Regular meetings with ACCC staff conducting Council work are held with Executive Director
3. Recognised economic and legal experts contracted to provide advice on significant matters where the Council does not have expertise
4. Council meetings to provide oversight and advice 5. Effective links with governments 6. Advices, information, etc to governments and others on sensitive and
key issues approved by Council, Executive Director and/or President
All controls in place
Significant (4)
Page 13
NCC Risk Management Plan 2020
Risk Description of the risk Assessment of the threat posed
by the unmitigated risk
Risk mitigation action Timing of management
action
Assessment of the threat
posed after risk mitigation
action 4 Litigation against the
Council arising from incorrect or poorly reasoned advice or process
Major (3) 1. Recognised economic and legal experts contracted (for legal experts, using APS Legal Services Multi-use List or similar) to provide advice on significant matters where the Council does not have expertise
2. Council meetings to provide oversight and advice 3. Advice, information, etc to governments and others on sensitive and
key issues always approved by the Council, Executive Director and/or President
All controls in place.
Executive Director monitors relevant APS processes.
Significant (4)
5 Damage to credibility from overturn of a recommendation
Major (3) 1. Recognised economic and legal experts contracted (for legal experts, using APS Legal Services Multi-use List or similar) to provide advice on significant matters where the Council does not have expertise
2. Council meetings to provide oversight and advice 3. Advice, information, etc to governments and others on sensitive and
key issues always approved by the Council, Executive Director and/or President
4. Best affordable legal representation is obtained
All controls in place.
Executive Director monitors relevant APS processes.
Major (3)
6 Inability to fund significant litigation
Significant (4) 1. Insurance cover in place, reviewed annually 2. Appropriation available each year to cover normal legal costs and
measures to obtain additional funding if necessary
All controls in place.
Appropriation (and reserves) sufficient to provide Council services including nominal budget allocation for external legal and
economic services.
Moderate (5)
Page 14
NCC Risk Management Plan 2020
Risk Description of the risk Assessment of the threat posed
by the unmitigated risk
Risk mitigation action Timing of management
action
Assessment of the threat
posed after risk mitigation
action 7 Essential information lost,
including information that is the property of external parties
Significant (4) 1. ACCC staff conducting Council work are located in secure office buildings with access available only via access card
2. Data maintained on servers is backed up nightly and located off-site, managed by the ACCC
3. Effective electronic document management 4. Councillors implement basic security measures for their electronic
devices when using Blackberry: including password protection and remote wipe capabilities (advice issued).
5. Files that contain sensitive information converted to pdf format and marked with appropriate document classification level
6. Council papers and Audit committee papers stored on Govteams or similar platforms, with access provided to Councillors (and ACCC staff as appropriate).
All controls in place.
Effective document management system is managed by the ACCC’s systems
Significant (4)
8 Secretariat arrangements with ACCC fail to support the Council’s independence, including through actual or perceived conflicts of interest with the Council
Significant (4) 1. ACCC-NCC Conflict of Interest Protocol agreed between the agencies, and followed by ACCC staff
2. ACCC-NCC Confidential Information Protocol agreed between the agencies, and followed by ACCC staff
3. ACCC staff, including Executive Director, discharge duties to the Council in accordance with the Council’s direction
4. Regular consideration of matters at Council meetings to provide independent oversight of secretariat activities
5. External peer review mechanisms available to be utilised where cost-effective to do so
6. Periodic reporting by Executive Director to Council of ACCC staff working on NCC-related matters
All controls in place.
Ongoing Council oversight on matters before it.
Significant (4)
Page 15
NCC Risk Management Plan 2020
Risk Description of the risk Assessment of the threat posed
by the unmitigated risk
Risk mitigation action Timing of management
action
Assessment of the threat
posed after risk mitigation
action 9 Financial loss, including due
to fraud against the Commonwealth
Significant (4) 1. Financial delegations and established processes for approval of expenditure in place
2. Fraud Control Plan in place and reviewed every two years 3. Certificate of (financial) Compliance process undertaken annually
All controls in place.
Fraud Control Plan reviewed in May 2020.
Annual certificate of (financial) compliance / agency viability process undertaken in accord with Finance Minister’s requirements.
Moderate (5)
10 Failure of contractors to fully comply with their contract obligations
Moderate (5) 1. Performance of contractors against their obligations monitored 2. Arrangements for reporting to contractors on their performance
relative to their obligations in place 3. Contracts include, where feasible, performance indicators and penalties
for non-compliance
All controls in place.
Low (6)
11 Failure to meet reporting deadlines
Significant (4) 1. Work program regularly reviewed 2. Project team meetings, as required, to review progress 3. Standardised application templates and processes with all information
required for public participation on the Council website 4. Strong emphasis placed on meeting statutory timeframes, including
reporting to Parliament in annual report
All controls in place.
Council considers work program and oversees progress with major issues at meetings.
Moderate (5)
Page 16
NCC Risk Management Plan 2020
Risk Description of the risk Assessment of the threat posed
by the unmitigated risk
Risk mitigation action Timing of management
action
Assessment of the threat
posed after risk mitigation
action 12 Inability to secure key
personnel to perform secretariat services
Significant (4) 1. ACCC provides all secretariat services required by Council and has a large pool of staff available to it to perform its work
2. ACCC has an attractive work environment including diverse, challenging and rewarding work with maximum possible flexibility provided when possible
All controls in place and regularly reviewed.
Moderate (5)
13 Lack of access to or failure of communications systems / equipment managed by the ACCC
Moderate (5) 1. All equipment is managed by the ACCC. Refer to ACCC risk policy in this regard
ACCC has appropriate controls in place.
Moderate (5)
14 Improper disclosure of information, including emails to Councillors
Moderate (5) 1. Contracts incorporate Commonwealth Government requirements 2. Arrangements for accepting and protecting confidential material in
place, including protocols for publishing applications and related material
3. Full listing of material relied upon included with every recommendation decision
4. Appropriate protection on Councillors’ electronic devices when using Blackberry, including passwords (see also item 7)
Council outputs developed under supervision of the Executive Director and reviewed by Council before release.
Councillors use password protection on electronic devices.
Moderate (5)
Page 17
NCC Risk Management Plan 2020
Risk Description of the risk Assessment of the threat posed
by the unmitigated risk
Risk mitigation action Timing of management
action
Assessment of the threat
posed after risk mitigation
action 15 Councillor injury or illness
due to workplace causes including official travel (work health and safety matters)
Low (6) 1. ACCC’s Work Health and Safety Policy addresses most risks relating to the physical work environment
2. Appropriate insurance arrangements in place (Comcare, Comcover) including coverage for councillors on official travel
3. Travel policy providing appropriate travel and accommodation arrangements in place
All controls in place, including annual review of insurance cover.
Low (6)
16 Councillor illness due to exposure to COVID-19 while on official duties
Low (6) 1. Appropriate insurance arrangements in place (Comcare and Comcover).
2. ACCC’s work health and safety policy addresses most risks relating to the physical work environment. This includes protocols for physical distancing in the office and meeting rooms, the availability of hand sanitisers and additional cleaning of the ACCC offices.
3. Since March 2020, Council meetings are held online via MS teams or teleconference rather than in the ACCC offices to limit Councillors’ exposure to COVID-19.
All controls in place, including annual review of insurance cover and payment of increased premiums to cover the effects of COVID-19 pandemic.
Low (6)
Page 19
NCC Risk Management Plan 2020
Appendix D Staff roles and responsibilities
Executive Director
Oversees the implementation of the Risk Management Plan
Ensures the ongoing review of risks and update of risk registers is performed under
supervision by the Council
Encourages a management climate which is aware of and supports risk management
Oversees development of processes to deal with new risk management issues
Ensures risk management controls and processes are built into strategic planning
processes
All ACCC staff who perform Council work
Identify new risk management issues and report problems to the Executive Director
in a timely and effective manner
Assist in developing processes to deal with new risk management issues
Page 20
NCC Risk Management Plan 2020
Appendix E Business continuity
The Council has no staff or offices under the MOU with the ACCC, and therefore relies upon the
ACCC’s business continuity plan in most respects (which also takes into account the NCC’s
business needs).
Continuation of IT services and legal services
All the Council’s IT services are managed by the ACCC. The ACCC server, which holds the
Council’s data, is backed up and stored offsite in Canberra. Accordingly, the risk of data loss is
minimised in the event of damage to the ACCC office premises or server. The risks of managing
these systems are met by the ACCC.
The Council purchases legal services using the APS Legal Services Multi-use List (or equivalent).
While bearing in mind possible conflicts of interest, the Council anticipates that it should have
little difficulty obtaining the legal services it needs from firms on the APS list.