Risk Management, Audit and Internal Controls

All councils operate in uncertain and changing environments. Risk is defined as the effect of this uncertainty on a council’s ability to achieve its goals and objectives, where the effect is the potential for a result that is different to what was expected or planned for.

Risk management is an essential part of a council’s management and internal control framework. It looks at what risks the council may face and the best way to address these risks. Assessment and management of risk is central to determining internal audit activities.

Internal controls are any actions taken by a council to manage both the positive and negative impact of risk on the organisation and its community. Management has primary day-to-day responsibility for the design, implementation, and operation of internal controls.

Internal audit is an essential component of a good governance framework for all councils. It is a mechanism that a council uses to receive independent assurance that its internal controls and risk management is effective and that it is performing its functions legally, effectively and efficiently and to advise on how it can improve its performance.

Internal audit has no direct involvement in day-to-day operations. A council’s internal audit function reports to an audit and risk and improvement committee which provides independent advice to the council’s governing body and general manager on the performance and governance of the council.

From 4 June 2022, all councils and joint organisations are required to have an audit risk and improvement committee. Councils and joint organisations can share audit risk and improvement committees.

From 1 July 2024, all councils and joint organisations are required to have a risk management framework and an internal audit function.

The Office of Local Government has issued comprehensive Guidelines for Risk Management and Internal Audit for Local Government in NSW to assist councils and joint organisations to implement these requirements.

Governance Audit