'/%3E%3C/svg%3E%0A)
'/%3E%3C/clipPath%3E%3C/defs%3E%3Cg id='Group_626' data-name='Group 626' transform='translate(2 2)'%3E%3Cg id='Group_625' fill='none' stroke='%232cb34a' stroke-width='1' clip-path='url(%23clip-path)' data-name='Group 625'%3E%3Cpath id='Rectangle_509' d='M0 0h20.014v15.403H0z' data-name='Rectangle 509' transform='translate(.1 .1)'/%3E%3Cpath id='Path_663' d='m20.513.5-10.006 9.548L.5.5' data-name='Path 663' transform='translate(-.4 -.4)'/%3E%3C/g%3E%3C/g%3E%3C/svg%3E%0A)
'/%3E%3C/svg%3E%0A)
When managing risk, most councils stick with the tried and tested. But in 2024, Mid-Western Regional Council took matters into its own hands. Identifying an opportunity to overhaul the Enterprise Risk Management Framework, it produced Risk Management Framework 2.1 — a standard that’s becoming a benchmark for other councils.
Mid-Western Council’s refresh redefines how councils tackle enterprise and strategic risks at a local government level. It also landed the council a finalist spot in the CivicRisk Mutual Excellence in Risk Management Awards. Let’s take a closer look at how Mid-Western Regional Council transformed a process overhaul into a practical, scalable model for risk maturity and resilience.
A Framework Fit for Modern Risks
The council’s existing Enterprise Risk Management Framework was serviceable. However, as the council identified, it lacked depth where it matters most: strategic risks. These are the big-ticket, future-shaping threats councils typically have the least control over, like policy changes, shifts in public sentiment or statewide reforms. The old framework bundled these alongside day-to-day enterprise risk, leaving leadership in a lurch when major issues emerged.
Mid-Western’s new Risk Management Framework 2.1 confronts this challenge head-on. Recognising a need for a dedicated management structure for strategic risks, the council introduced a system that assessed likelihood based on public discourse and potential government policy movements. Importantly, it aligned this with the Guidelines for Risk Management and Internal Audit, introducing consistency, structure and accountability across the board.
More Innovative Structures Mean Better Decisions
One of Framework 2.1’s features is its unapologetic departure from legacy guesswork. Where enterprise risk likelihood was once a calculation based on timing and frequency, the council pivoted to measuring risk likelihood against the strength of the control environment. In other words, if the controls are weak, the risk rating lifts. It’s clean, clear and actionable.
This approach sharpens decision-making and reduces the white noise in risk reporting. As a result, the council can now make real-time, risk-informed decisions — a critical capability in an environment where operational and reputational risks can escalate quickly.
Measuring What Matters
Moving beyond the tendency to assign a single category to each risk, Framework 2.1 mandates assessing each enterprise risk across four impact areas:
- Financial.
- Reputational.
- Health and safety.
- Regulatory and legal.
Even if a council cannot eliminate a risk, it can at least manage the potential damage more accurately. Each consequence type has a targeted mitigation plan, meaning the new consequence matrix statements are measurable. Council officers no longer have to manage risk based on instinct; they can use hard data.
Smarter Monitoring Increases Accountability
Mid-Western Regional Council integrated risk oversight as a living process with a strategy committed to proactive risk management and accountability. Framework 2.1 assigns monitoring and reviewing activities based on residual risk levels, meaning the bigger the risk, the tighter and more frequent the oversight.
This scalable monitoring system runs from the ground up:
- Monthly and annual reporting to the executive team.
- Quarterly reporting to the Audit, Risk and Improvement Committee.
Such a system ensures risk management is baked into all layers of council operations, with regular conversations taking place at the right levels. By embracing theories set out by Rod Farrer in a previous training, Mid-Western Regional Council has created a replicable framework other member councils can adopt.
Several councils at the recent Risk Forum at Port Macquarie (where Rod Farrer also presented) expressed interest, recognising that a well-managed risk program can lead to lower insurance claims, reduced premiums and increased resilience.
Key Takeaways Other Councils Can Borrow
Alongside a new risk management strategy, Mid-Western’s impact also unveils some high-level lessons for other councils:
- Separate your enterprise and strategic risk structures: They’re not the same animal.
- Replace likelihood calculations with control environment assessments: It’s faster, fairer and actionable.
- Assess risk across multiple consequence categories: Risks are multi-dimensional — your framework should be too.
- Align oversight with residual risk levels: The bigger the threat, the closer you watch it.
- Keep it measurable and report often: Transparency keeps teams focused and accountable.
Setting a New Benchmark
Mid-Western Regional Council’s Risk Management Framework 2.1 has lifted its risk maturity and aligned risk appetite with operational capability.
Mid-Western has shown what’s possible when councils refuse to settle by reconsidering risk management as an enabler, not just a protection mechanism. And as a finalist for the CivicRisk Mutual Excellence in Risk Management Awards, it has set a pathway for others to learn from.
