All councils operate in uncertain and changing environments. Risk is defined as the effect of this uncertainty on a council’s ability to achieve its goals and objectives, where the effect is the potential for a result that is different to what was expected or planned for. Internal controls are any actions taken by a council to manage both the positive and negative impact of risk on its community.

The Local Government Act 1993 requires all councils to appropriately manage its risks. The NSW Government’s Internal Audit Guidelines encourage all councils in NSW to have a structured risk management framework in place to identify any known and emerging risks they face and implement controls to manage these risks.

The Internal Audit Guidelines also recommend that the content of each council’s risk management framework be guided by Australian risk management standards (link below). NSW Treasury has also issued a Risk Management Toolkit (link below) that provides useful guidance to councils on how to implement its own risk management framework.