NSW Local Govt release Draft Guidelines for Risk Management and Internal Audit Framework

The Office of Local Government (OLG) NSW has released an updated ‘Draft Guidelines for Risk Management and Internal Audit Framework for Local Councils in NSW’. These draft guidelines, published in August 2021, are based upon a previous discussion paper issued in 2019 which had over 150 submissions from key stakeholders in the local government sector.

Key issues with the original paper raised by regional NSW Councils and internal audit practitioners appear to have been taken onboard with a number of significant changes and clarifications in the proposed guidelines. Resources including templates, examples, checklists and tools will also be provided for ARIC procedures, risk management and the internal audit function.

The key changes to the draft guidelines are summarised below:

Audit, Risk and Improvement Committees (ARIC)

• Implement an ARIC by June 2022;
• New tiered ARIC model for metropolitan, regional and rural/remote councils;
• Committee mix now allows for non-voting councillor members;
• Further clarity of the ARIC’s scope and level of assurance, while allowing for flexibility in the committee’s role;
• Reduced ARIC costs and reduced external review requirements; and
• ARIC member terms coincide with council terms and allow for longer maximum terms, with potential exemptions from term limits where smaller councils can’t find new ARIC members.

Risk Management

• More ‘principles-based’ approach and clarification on how risk management requirements apply to councils, and the role of internal audit and ARICs in risk management;
• New ability for shared arrangements for county councils and joint organisations to reduce costs; and
• More flexibility in implementation and workforce resourcing and more accountability by the council to the governing body and ARIC for risk management.

Internal Audit

• More ‘principles-based’ approach and clarification of dual reporting line to the ARIC and general manager;
• More flexibility to implement the internal audit function within the council’s existing organisational structure and attract internal audit staff based on the tiered model. Changes include:
  • Allowing for in-house and outsourced internal audit functions
  • Specific role title for the head of the internal audit function removed
  • Internal audit function can report to a staff member other than the general manager
  • Eligibility criteria for internal audit staff changed to requirement that they be able to fulfil their role
  • Ability to combine head of internal audit function role with any other role in council provided safeguards are met; and
• Shared arrangements simplified and performance review process streamlined to reduce costs.

‘Strongest framework’ for minimising financial risk

Minister for Local Government, Shelley Hancock, said the draft Guidelines for Risk Management and Internal Audit for Local Councils in NSW provides “the strongest framework in Australia for minimising financial risk, and preventing fraud and corruption in the sector.”

“The state’s 128 local councils would be required to establish a risk management framework and internal audit function to help improve overall organisation, performance and operations,” Mrs Hancock said.

“Under the reforms, every council in NSW will be required to appoint and operate an Audit, Risk and Improvement Committee made up of independent experts by June 2022 to ensure continuous improvement in governance and financial management, as well as accountability and transparency to local communities.

“These measures will help councils make better decisions and use of their resources, and improve the delivery of infrastructure, facilities and services communities need and expect,” she said.

Mrs Hancock said the draft guidelines include a tiered model for Audit, Risk and Improvement Committees to ‘reflect the different needs of metropolitan, regional and rural councils according to resourcing, risk profile, population and location.”

“The framework is based on the worldwide ‘three lines of defence’ model where independent experts provide advice, management takes action to properly manage risk, and staff work every day to identify and address risks,” Mrs Hancock said.

“Seventy per cent of NSW councils already conduct some form of risk management and 103 councils have an internal audit function. These guidelines will ensure consistency across the state in accordance with international standards and NSW Government practice, tailored to the unique structure and needs of local government,” she said.

The implementation timeline of these changes are as follows:

1. All councils must appoint an ARIC from 4 June 2022.
2. All councils have until 2024 to establish their risk management framework and internal audit function – attestation commences 2024.
3. Councils have until 2027 to ensure ARIC membership complies with the Guidelines, allowing councils to transition into the new membership requirements as and when membership of existing ARICs expire – attestation commences 2027.

If you’re considering implementing or strengthening your ARIC, risk management or internal audit functions, you may consider partnering with an external specialist who can take on or assist with these soon to be mandated requirements.

With decades of direct NSW Local Government experience across all functions of Council, combined with many years of internal audit experience, the dedicated Internal Audit Team at National Audits Group are well placed to provide expert assistance to your council. As approved Local Government Procurement (LGP218) suppliers we can be directly appointed, avoiding the time and cost of a formal tender process. Call our team on 1300 734 707 to find out more.