Vincents for Individuals
Vincents for SME
Vincents for Corporate
Vincents for Government
Vincents for NFP
Back to Insights

How to Implement an Effective Risk Management Program: A Comprehensive Guide for Councils


The landscape of local government operations in New South Wales is set for significant change with the recent amendments to the Local Government (General) Regulation 2021. These changes, set to take effect on 1 July 2024, mandate all councils and joint organisations to establish a risk management framework, an internal audit function and adhere to prescribed membership requirements for audit risk and improvement committees. This article outlines the key components of these regulatory changes and provides guidance on implementation.

Changes to The Local Government (General) Regulation

The Local Government (General) Regulation 2021 now mandates that all councils and joint organisations must have:

  • A risk management framework,
  • An internal audit function, and ​
  • Prescribed membership requirements for audit, risk and improvement committees. ​

As of 1 July 2024, councils and joint organisations are required to comply with these requirements and attest to their compliance in their annual reports, starting with the 2024/25 annual report.

Risk Management​

The Local Government Regulation specifies the following requirements for risk management:​

  • From 1 July 2024, councils must adopt and implement a framework for identifying and managing risk (section 216S). ​
  • A council’s audit, risk and improvement committee must keep the implementation of the council’s risk management framework under review and provide advice to the council on its operation and effectiveness (section 216S). 

Why is Risk Management critical?

Legislative pressures to implement risk management may dilute the importance and benefits of it.

Risk management is effectively a decision-making tool​ that, when properly implemented, highlights the risks associated with specific decisions to the attention of the decision maker. 

What can Risk Management help with?

  • Strategic decision-making​
  • Organisational development​
  • Business case ​
  • Operation activities​
  • Workplace health and safety​
  • Investment decisions

To maximise these benefits, risk management must be fully integrated into the organisation’s decision-making processes.

​For this to happen, the entire organisation’s understanding of the risk management framework needs to be standardised. This will enable you to take your organisation on its risk management maturity journey​.

Issue vs Risk

Issues: An ISSUE is something that happens all the time. ​We may not want it to happen, but if it does, there are established policies and procedures to handle it.

Risks: A RISK is a potential event that you do not want to happen. Mitigating strategies should be in place to:

  • Prevent it from happening, and
  • React appropriately should it happens.

Types of Risks

Strategic Risks

Strategic risks are external to the Council and often beyond its control.​ If they occur, they can force a change in the Council’s strategic direction. ​


  • Changes in legislation​
  • Climate change​
  • The next pandemic

Operational Risks ​

Operational risks can be internal or external to the Council. ​If they occurred, they would impact business-as-usual activities. ​


  • Staff turnover​
  • Failure to meet budget​
  • Lack of resources

Project Risks

Project risks are specific risks associated with projects undertaken by the Council and/or its contractors.  These risks exist at every stage and must be identified and managed.


  • Exceeding budget​
  • Project delays​
  • Scope changes

Watch our webinar with Pulse software to understand how you can implement an effective risk management program

Vincents and Pulse Software have partnered to bring a three-part webinar series that addresses the key requirements of the framework to ensure you are prepared for the changes. You can watch our second webinar in the series, ‘How to Implement an Effective Risk Management Program’ below:

If you would like to access our slides on how to implement an effective risk management program, you can download them here.

Disclaimer: The content of this article is general in nature and is presented for informative purposes. It is not intended to constitute tax or financial advice, whether general or personal nor is it intended to imply any recommendation or opinion about a financial product. It does not take into consideration your personal situation and may not be relevant to circumstances. Before taking any action, consider your own particular circumstances and seek professional advice. This content is protected by copyright laws and various other intellectual property laws. It is not to be modified, reproduced or republished without prior written consent.

Sign up to get access to Vincents Insights