Risk Management Report
Risk Owner Assessment
Period Ending 30 September 2016
Heat Maps:
Residual Risk Position (where we are now):
EMERGING ISSUES
New risks identified within this quarter:
Responsible Area: Planning and Environment
Risk Number: 32
Risk Description: Misuse of Corporate Credit Cards
Type of Risk: Fraud
Cause:
~ Intentional misuse
~ Staff unaware of Corporate Standard around Credit Cards
Inherent Likelihood: Likely
Inherent Consequence: Insignificant
Inherent Risk Rating: Low (v)
Existing Control Measures:
~ Corporate Standard
Residual Likelihood: Likely
Residual Consequence: Insignificant
Residual Risk Rating: Low (v)
Proposed Mitigation/Control Actions:
~ Develop a credit card summary spreadsheet for GRC credit card holders within the Parks and Environment division to complete on a monthly basis to minimise the risk of credit card fraud.
Target Likelihood: Possible
Target Consequence: Insignificant
Target Risk Rating: Low (iv)

Responsible Area: Planning and Environment
Risk Number: 33
Risk Description: Loss of Portable and Attractive Assets
Type of Risk: Fraud
Cause:
~ Inconsistent management of assets
~ Assets recorded in various lists and locations
~ Numbering system is not always present
~ Clear definition of what portable and attractive is needs to be defined
Inherent Likelihood: Almost Certain
Inherent Consequence: Insignificant
Inherent Risk Rating: Medium (ii)
Existing Control Measures:
~ Lists in place, however they are not in a central system and there is no structured process for undertaking stocktakes
~ Asset numbering has been used on some items and is not consistent
Residual Likelihood: Almost Certain
Residual Consequence: Insignificant
Residual Risk Rating: Medium (ii)
Proposed Mitigation/Control Actions:
~ Develop a portable and attractive management process within the Parks and Environment division to record, report and monitor these items, resulting in a portable and attractive assets register.
Target Likelihood: Likely
Target Consequence: Insignificant
Target Risk Rating: Low (v)

FULL REPORT
Responsible Area: Chief Executive Officer
Risk Number: 21
Loss or misuse of Council property resulting in financial loss to Council
Inherent Risk Rating:
High (ii)
Residual Risk Rating:
Medium (ii)
Existing Control Measures:
~ Business Improvement Committee
~ External Audit from QAO
~ Asset Register / Attractive Items
~ Purchasing System with delegations
~ Annual stock takes
~ Cash handling procedures
~ Adopted Code of Conduct with organisation wide awareness training
~ Development & Adoption of Fraud Control Plan/Policy
~ CCTV
~ New Supervisor Training
~ Development of Directorate Fraud Control Plans
Mitigation of Potential Risk:
~ Audit Plans - Annual Audit Plan, Strategic Audit Plan
Target Risk Rating: Low (iv)
Previous Period: September 2016
Current Residual Risk Calculation: Medium (ii)
Scheduled Action
NA
A lost and missing items register is being developed in SharePoint. Awaiting advice from IT on how to move forward.
Risk Number: 23
Exposure to Asbestos Containing Materials
Inherent Risk Rating:
Extreme (iv)
Residual Risk Rating:
Extreme (iv)
Target Risk Rating:
Extreme (i)
Existing Control Measures:
~ Asbestos Management Plan in place for Council.
~ Bi-Annual Asbestos Surveys conducted of all affected buildings.
~ Appropriate Risk Assessments, Safe Work Procedures, and Safe Work Method Statements in place to operationally deal with ACM matters.
~ OHS Coordinator holds Class B ACM Removal Licence to ensure internal removal is conducted at minimal cost to Council.
~ OHS Staff, Water Overseer, and Carpenter hold formal Asbestos Worker Certification to remove ACM.
~ Corporate Standard to operationally manage ACM risks within the organisation.
~ Local sampling, surveying, and testing procedure in place at Landfill and Transfer Station to manage exposures within Green Waste.
~ Appropriate PPE including Asbestos kits available to remove ACM.
~ Internal mapping system does have identification of some sewer pipe work that is constructed with ACM.
~ Checkpoint inspection of all loads at Landfill and Transfer Station to identify illegal ACM.
~ Employees on site at Landfill and Transfer Station at general waste area reviewing for signs of contamination.
Mitigation of Potential Risk:
~ Ensure that Council's mapping system is up to date so that all water and sewerage assets that contain ACM are identified throughout the region
~ Discontinue the current practice of making mulch available to the public. Mulch to remain on site and either be buried or used as batter control.
~ Public education on the importance of safe disposal of ACM at the Landfill, resulting in a possible reduction of illegal dumping.
~ Revise fees and charges to make regulated disposal of ACM affordable, to reduce the likelihood of illegal dumping within the region.
~ Undertake a feasibility study (quantification work, plan and budget) for the removal of ACM within Council buildings.
Previous Period: September 2016
Current Residual Risk Calculation: Extreme (iv)
Progressing
NA
All treatments appear to be progressing well. Completion of the current treatments is on track for the end of the financial year.
Responsible Area: Chief Financial Officer
Risk Number: 2
Poor financial management resulting in Council being unable to meet its obligations
Inherent Risk Rating:
High (iii)
Residual Risk Rating:
Medium (iii)
Existing Control Measures:
~ Staff qualifications are monitored by QAO
~ Council adopts a 10 year financial forecast including a 10 year capital plan
~ Monthly reporting
~ Debt recovery process
~ Business Improvement Committee
~ External audit by QAO
Mitigation of Potential Risk:
~ Ongoing monitoring of existing control measures
Target Risk Rating: Medium (iii)
Previous Period: September 2016
Current Residual Risk Calculation: Medium (iii)
Progressing
NA
The long term financial plan was reviewed and adopted as part of the budget process, and the preparation of the 2015/2016 annual accounts is on track.
Risk Number: 22
Performance Stability of Gladstone Airport Corporation
Inherent Risk Rating:
Medium (iii)
Residual Risk Rating:
Medium (iii)
Target Risk Rating:
Low (iv)
Existing Control Measures:
~ Quarterly review of performance agreements, budget and performance indicators in the Statement of Corporate Intent
Mitigation of Potential Risk:
~ Continual review of Corporate Performance Indicators
Previous Period: September 2016
Current Residual Risk Calculation: Low (iv)
Progressing
NA
The Statement of Corporate Intent for 2016/2017 was received by Council and returned for amendment. The amendments have been made and the document forms the primary document for the performance management of Gladstone Airport Corporation by Council.
Annual Financial Statements have been received and the information consolidated into the draft financial statements of Gladstone Regional Council.
Responsible Area: Engineering Services
Risk Number: 1
Adequate allowance for whole of life costings of assets in forward budgets
Inherent Risk Rating:
High (i)
Residual Risk Rating: High (i)
Existing Control Measures:
~ Asset Management planning
Mitigation of Potential Risk:
~ Project estimates to include whole of life costs
Target Risk Rating: Medium (iii)
Previous Period: September 2016
Current Residual Risk Calculation: High (i)
Scheduled Action
NA
Being implemented as part of the "ground-truthing" process for developing project BIDS and IPP approval.
Risk Number: 10
Failure to provide suitably licenced facilities for the disposal of waste
Inherent Risk Rating:
High (iii)
Residual Risk Rating:
Medium (iii)
Target Risk Rating: Medium (ii)
Existing Control Measures:
~ Outsourcing of inspection works
~ Providing information and assistance to industry in respect of compliance obligations
~ Documentation of work procedures
~ Staff training
~ Subscription to notifications advising of legislation changes
~ Improve and review strategic planning for waste management
Mitigation of Potential Risk:
~ Commence approval and design process for new facilities with sufficient lead time (20-25 years)
~ Investigation of converting waste to fuel
~ Investigation of outsourcing greenwaste to a third party
Previous Period: September 2016
Current Residual Risk Calculation: Medium (iii)
Progressing
NA
~ Unchanged from the previous review.
~ If necessary, commence sourcing and acquisition of suitable land in 10 years.
~ Commence approval and design process for new facilities with sufficient lead time (20 to 25 years).
~ Investigations and synergy/partnering with fuel conversion opportunities are a major factor in the life of the existing landfill.
~ Current investigations and development with interested Waste Recovery Converters (i.e. discussions between potential partners) are ongoing. Companies are seeking to enter into MOUs for further investigations and opportunities for waste reuse.
~ If waste resource reuse by resource conversion develops, the life of the current facility could potentially extend out to 100 years or more.
~ Some waste recycling fuel refineries and associated waste burners could lead to the current facility never being fully utilised (except perhaps as the location of a transfer station and/or waste recovery point).
Risk Number: 12
Cannot provide required transport infrastructure to meet predicted growth
Inherent Risk Rating:
High (i)
Residual Risk Rating:
Medium (iii)
Target Risk Rating: Medium (ii)
Existing Control Measures:
~ Work with the State Government to improve planning across the region
~ Developer contributions
~ Major project impact policy
~ Some traffic modelling in place
~ Asset management planning
Mitigation of Potential Risk:
~ Completion and adoption of Council's Priority Infrastructure Plan for Transport, Water and Sewer
~ Appointment of staff to vacant positions
~ DTMR Transport Model (Gladstone Regional Strategic Transport Model)
~ Identification of Renewal Budget
Previous Period: September 2016
Current Residual Risk Calculation: Medium (ii)
Progressing
NA
Council's newly adopted asset management system, Assetic, and "My Predictor" provide direction in determining future road renewals to be included in Council's Long Term Financial Plan. The Urban Roads and Rural Roads Asset Management Plans are in the final stages of development and will be presented to Council for consideration, providing guidance in managing assets. In addition, Council's Local Government Infrastructure Plan (LGIP) is continually reviewed to determine the appropriate timing of upgrades to meet current and future infrastructure demands.
Risk Number: 13
Service levels not seen as equitable across Region resulting in inefficient operational decisions
Inherent Risk Rating:
Medium (ii)
Residual Risk Rating:
Medium (ii)
Existing Control Measures:
~ Road hierarchies
~ Levels of service set internally
~ Works and maintenance program
~ Road inspections
~ Locally based staff
~ Customer Service system
~ Policy on rural road construction
~ Review of Asset Management System, Conquest
Mitigation of Potential Risk:
~ Level of Service Policy to be reviewed including defined intervention levels
Target Risk Rating: Low (iv)
Previous Period: September 2016
Current Residual Risk Calculation: Medium (ii)
Progressing
NA
Road Services have implemented a software program, "reflect", to manage defects associated with road, footpath and drainage assets. These defects are captured on Android tablets and, from this, maintenance programs are developed to reconcile defects in accordance with our Level of Service and intervention parameters. Expansion of this management tool will progress through the course of 2016-2017 to capture all Road Services related assets, including bridges, boat ramps, jetties, and detention and retention basins. In addition, by analysing data captured within "reflect", a review will be undertaken of the current Level of Service and, where deemed appropriate, recommendations will be made to Council to amend the Level of Service and intervention levels.
Risk Number: 18
Strategic Planning Failure
Inherent Risk Rating:
High (i)
Residual Risk Rating:
Medium (iii)
Target Risk Rating: Medium (ii)
Existing Control Measures:
~ Allocate funds as requested
~ Regularly review plans, make the plans well understood and available to a wide cross section of staff
~ Major project impact policy
~ Some traffic modelling in place
Mitigation of Potential Risk:
~ Completion and adoption of Council's Priority Infrastructure Plan for Transport, Water and Sewer
~ Gladstone Regional Council Transport Model (Gladstone Regional Strategic Transport Model)
~ Appointment of staff to vacant positions
Previous Period: September 2016
Current Residual Risk Calculation: Medium (ii)
Progressing
NA
Council officers are currently updating the interim LGIP as a result of a third party review.
The Minister has granted an extension until December 2017 for the Full LGIP to be adopted into the Planning Scheme. The anticipated date for this to occur is 30 June 2017.
Without an LGIP in place, Council will be unable to levy charges against developments.
The transport model is a tool Council officers will utilise as part of the transport modelling associated with the LGIP. This is under Council officers' review and will be finalised prior to 30 June 2017.
Risk Number: 19
Infrastructure Project Delivery
Inherent Risk Rating:
High (ii)
Residual Risk Rating:
Medium (ii)
Target Risk Rating: Low (iv)
Existing Control Measures:
~ Development of Long Term Financial Plan
~ Division of project planning and design, and project construction into two processes
~ Adequate development contributions
~ Strategic infrastructure planning
~ Appointment of Project Management Coordinator to Engineering Services
Mitigation of Potential Risk:
~ Completion and adoption of Council's Project Management System
~ Completion and adoption of Council's Priority Infrastructure Plan for Transport, Water and Sewer
Previous Period: September 2016
Current Residual Risk Calculation: Medium (ii)
Progressing
NA
Project Methodology is constantly being updated to suit changing conditions, such as legal, environmental, risk, improvement and policy changes, and to ensure best business practices are in place.
Risk Number: 20
Asset Maintenance
Inherent Risk Rating:
High (ii)
Residual Risk Rating:
Medium (ii)
Existing Control Measures:
~ Well defined minimum expectations
~ Asset management system and plans
~ Well defined funding requirements
~ Quality control of asset development
~ Ability to provide resources necessary to deliver expectations
~ Development of Long-Term Financial Plan
~ Community education on minimum standards acceptable to Council
~ Major project impact policy
~ Development of Traffic Modelling
~ Development of Water and Sewerage Modelling
~ Experienced staff to carry out inspections
~ Works order system
~ Footpath inspection program
~ Road condition assessments
Mitigation of Potential Risk:
~ Update Asset Management Plans and Asset Management Strategy
~ Review Long Term Financial Plan and its regular update
~ Adoption of Low Cost Seal Strategy
~ Network Level Safety Assessment of Local Roads of Regional Significance
Target Risk Rating: Low (iv)
Previous Period: September 2016
Current Residual Risk Calculation: Low (iv)
Progressing
NA
Financial valuations are being completed to meet financial auditing targets and requirements by the end of October 2016. More attention to the above mitigation actions will follow.
Risk Number: 24
Construction of Structures within Creeks and Streams
Inherent Risk Rating:
Medium (iii)
Residual Risk Rating:
Medium (iii)
Target Risk Rating:
Low (iv)
Existing Control Measures:
~ Floodway renewal program - identification of floodways that require renewal for inclusion in the Long Term Financial Plan, constructed to Council's standard drawings, which require minimal culvert installations.
Mitigation of Potential Risk:
~ Review of Floodway Renewals on a Road Hierarchy basis to determine the type of floodway to be constructed, either with or without culverts, and therefore meeting environmental conditions.
Previous Period: September 2016
Current Residual Risk Calculation: Low (iv)
Progressing
NA
Officers are currently investigating our desired outcomes when upgrading/renewing existing floodways. This is being done while considering our Road Hierarchy, environmental obligations and stream classifications. These factors significantly influence the type of structure to be built and the associated costs. Once assessed, a policy/standard will be tabled for Council to consider, which will guide future floodway upgrades/renewals within Council's Long Term Financial Plan.
Risk Number: 26
Failure to meet design demands for timely delivery of Integrated Project Planning (IPP)
Inherent Risk Rating:
High (ii)
Residual Risk Rating:
High (ii)
Existing Control Measures:
Nil
Mitigation of Potential Risk:
~ Re-structure of design unit, including more designers and senior designers
~ Improved work prioritisation
~ Standardisation of design, systems and processes
Target Risk Rating: Low (iv)
Previous Period: September 2016
Current Residual Risk Calculation: High (ii)
Progressing
NA
The design unit has been restructured. A Senior Design Engineer has been appointed and is scheduled to start in November.
Responsible Area: Planning and Environment
Risk Number: 3
Ageing assets (playgrounds) and inefficient maintenance programs resulting in potential legal, financial and reputation exposure to Council
Inherent Risk Rating:
Medium (ii)
Residual Risk Rating:
Low (iv)
Target Risk Rating: Low (iv)
Existing Control Measures:
~ Staff Training
~ Inclusion of playgrounds in the asset register
~ Documentation of work procedures
~ Development of playground strategy
~ Reviews of development applications lodged and requiring certifications and 12 month inspection programs
~ Development of Playground Policy and Corporate Standard
Mitigation of Potential Risk:
~ 25 year Playground Replacement Plan
~ Regular inspections of all playgrounds to be undertaken by trained staff
Previous Period: September 2016
Current Residual Risk Calculation: Low (iv)
Completed Within Target
NA
As per the existing Control Measures:
~ Staff training
6 staff within the Parks & Environment Division are qualified to undertake Level 2 Operational Inspections quarterly, and these staff attend mandatory training every 3 years in Level 2 Operational Inspections of Children's Playgrounds.
~ Inclusion of playgrounds in the asset register
As a project is completed, be it capital or maintenance, the Parks Technical Services Coordinator provides all infrastructure details to the Technical Officer - Assets for removal of any disposed assets and the inclusion of any new or replaced asset on Council's Asset Management System.
~ Documentation of work procedures
Council staff are continuing with the weekly visual inspection checklists which have been implemented for all 3 areas (Gladstone City/Mount Larcom/Yarwun, South East and South West Areas). This checklist has been implemented to mitigate potential risks with Council's playground elements and softfall areas. Tasks undertaken during this weekly inspection include the visual inspection of each piece of play equipment, removal of litter, sticks and foreign objects from the softfall area, and raking the softfall so there is an even thickness of material covering the play equipment. Inspectors are able to report graffiti and any non-conformances or maintenance requirements on the playground equipment.
The weekly visual inspections are undertaken in each area on a Monday and Tuesday, and again later in the week (Thursday or Friday) for the highly utilised playgrounds, ready for weekend use. Non-conformances or maintenance requirements are then recorded as customer service requests to be attended to, and the checklist is registered into ECM. In the event that parts are not available immediately, the playground is isolated to prevent access until the repairs have been undertaken. The regular inspection and on the spot repairs are well established with the staff and documentation is being recorded weekly. The treatments/controls meet the Australian Standards for play and are believed to be adequate. The risk is ongoing, as Council provides playgrounds in "unsupervised" play environments, so there will always be a risk from unknown vandalism and unsuitable use by the public.
~ Development of playground strategy
Council adopted its Playground Policy in August 2014, which sets out guidelines for the provision of all Council playgrounds. The Provision and Maintenance of Playgrounds Corporate Standard was approved in September 2014 with the Parks Hierarchy attached.
~ Reviews of development applications lodged and requiring certifications and 12 month inspection programs
Each February Council engages an independent auditor to undertake the annual inspection of all playground elements and softfall in the region. From the report provided, budgetary considerations are determined and Council's 25 Year Playground Replacement Program updated.
The risk can now be made inactive, as the current control measures have been working effectively for the past 3 years and the risks are being managed accordingly.
Risk Number: 32
Misuse of Corporate Credit Cards
Inherent Risk Rating:
Low (v)
Residual Risk Rating:
Low (v)
Target Risk Rating:
Low (iv)
Existing Control Measures:
~ Corporate Standard
Mitigation of Potential Risk:
~ Develop a credit card summary spreadsheet for GRC credit card holders within the Parks and Environment division to complete on a monthly basis to minimise the risk of credit card fraud.
Previous Period: September 2016
Current Residual Risk Calculation: Low (iii)
Completed Within Target
NA
Credit card summary spreadsheet developed and all credit card holders within the division use it on a monthly basis or as required.
Risk Number: 33
Loss of Portable and Attractive Assets
Inherent Risk Rating:
Medium (ii)
Residual Risk Rating:
Medium (ii)
Target Risk Rating:
Low (v)
Existing Control Measures:
~ Lists in place, however they are not in a central system and no structured process for undertaking stocktakes
~ Asset numbering has been used on some items and is not consistent
Mitigation of Potential Risk:
~ Develop a portable and attractive management process within the Parks and Environment division to record, report and monitor these items, resulting in a portable and attractive assets register.
Previous Period: September 2016
Current Residual Risk Calculation: Low (iv)
Progressing
NA
The current list needs to be checked and updated before moving data across into a central system. Outcomes from the Portable and Attractive Council-wide meeting need to be incorporated into the treatment plan for this risk.
Responsible Area: Corporate and Community Services
Risk Number: 16
Malicious Mobile Access
Inherent Risk Rating:
High (i)
Residual Risk Rating:
Medium (iii)
Existing Control Measures:
~ Users are responsible for keeping their devices safe and secure
~ Current access is limited to email only
Mitigation of Potential Risk:
~ Ongoing monitoring of existing control measures
Target Risk Rating: Medium (iii)
Previous Period: September 2016
Current Residual Risk Calculation: Medium (iii)
Progressing
NA
No additional safeguards for mobile devices, other than security upgrades to existing products, have been made available since the last review. As such the risk level remains current and has been accepted as is.
Risk Number: 17
Failure of ICT operations
Inherent Risk Rating: High (iv)
Residual Risk Rating: High (iii)
Target Risk Rating: High (iii)
Existing Control Measures:
Corporate Server Failure:
~ Backup power, lighting and generators
~ Servers connected to different UPS power supplies
~ Secure facilities encased in concrete and brick. Resistance to flooding, storm and fire damage.
~ Fibre Optics used internally to limit impact of electrical storm damage
~ Hardware spares available
~ Use of clustered virtual environment for non DB servers
~ Software / system rollback capabilities in virtual environment
~ Software / hardware support contract with remote access capability
~ Server backup systems implemented
~ Antivirus systems implemented
Failure of Gladstone-Calliope Fibre Link:
~ Cable route is clearly marked in most areas
~ Additional protection to cable in field (under existing water main infrastructure in some locations)
~ Cable buried up to 2m deep in areas of potential activity
~ Dial-before-you-dig policy for other service providers
~ Regular maintenance program being implemented
Core Server Room Failure:
~ Backup power and lighting
~ Multiple independent air-conditioning systems
~ Backup generators
~ Secure facilities encased in concrete and brick.
~ Resistance to flooding, storm and fire damage (of computer room)
~ Fibre Optics used internally to limit impact of electrical storm damage
~ Alternative server room
~ Local spares held on site
~ Fibre Optic links to Telstra and external sites
~ Provision of CCTV cameras near air-conditioning and generators
Crippling Virus Attack:
~ Email filters with antivirus
~ Web traffic filters
~ Corporate antivirus software
~ Monitoring of antivirus deployments
~ File Server Resource Management to selectively block specified file types in corporate data stores
~ External Penetration Testing program to identify weaknesses
~ Firewall restriction policies
~ Internet use policy
~ User education programs
Core Firewall Failure:
~ Backup power, lighting and generators
~ Secure facilities encased in concrete and brick. Resistance to flooding, storm and fire damage
~ Multiple independent air-conditioning systems
~ Restricted access to firewalls (local access only)
~ Access to alternative hardware
~ Software support contracts
~ Alternative gateway
~ Fibre Optics used internally to limit impact of electrical storm damage
~ Backup power in most data rooms
~ All VOIP switches located in data rooms
~ Migrating switches to PoE power where possible to ensure power is retained (until UPS failure occurs)
~ Independent VOIP connections (to Telstra) at a number of sites to limit extent of outage
~ Service covered under Telstra high priority maintenance contract
~ Power redundancy upgrades in the Calliope data centre
~ Upgrade to Council's core firewalls
Mitigation of Potential Risk:
~ Installation of redundant failover link between Gladstone and Calliope (backup to existing fibre optic link)
~ Virtualise all core Server infrastructure for failover and data redundancy and to reduce datacentre footprint
Previous Period: September 2016
Current Residual Risk Calculation: High (iii)
Progressing
NA
Negotiations with the external provider for use of dark fibre have stalled since the last report; however, discussions are set to continue from mid-October. Dark fibre is the preferred option for link failover between Gladstone and Calliope and continues to be the primary focus of risk treatment in this instance.
Server virtualisation and failover treatments are still in place that protect the resiliency of Council's network infrastructure. Due to the nature of ICT business, risks and associated safeguards are ever evolving and, as such, the risk level remains current and accepted as is.