Risk Management - Embedding the process into council decision-making

Published on 19 March 2026

By David Royston-Jennings | Regional Risk & Resilience Coordinator

Queensland councils hold Ordinary Meetings to conduct the regular, scheduled business of the local government. The purpose of these meetings is to facilitate the effective governance of the local area through structured discussion, decision-making, and oversight, ensuring that the council’s actions reflect community needs and legislative requirements.

Each local government administration prepares reports for Ordinary Meetings in its own way, dependent on the desired type and amount of information elected members require to make an informed decision, and subject to the skill and capability of those responsible for preparing reports.

Reports are generally structured with various headings, such as an overview of the subject matter, factors which may impact or be impacted upon by the circumstance, and a recommendation on how the council ought to proceed. This will typically include implications to council finances, relationship to council strategy, and potential resources required.

Additionally, it is not uncommon for risk management to feature as a subheading to such reports. However, the application of this section often leaves a lot to be desired. As someone who regularly reviews the agenda for various councils Ordinary Meetings, this section is often complete with the words ‘nil’ or ‘not applicable’, which I find concerning since risk is inherent in every action and decision we make. More concerning is that this practice must be considered acceptable by those reading the agenda and making decisions in the absence of the risks being properly presented, as the issue persists year after year.

Why it’s important

Integrating risk management into council meeting reports is critical, as it underpins responsible governance, enhances decision-making, ensures transparency, and ultimately protects the community’s interests. It transforms risk from an overlooked aspect into a strategic tool that supports sustainable and resilience local government operations.

By incorporating a risk assessment into a council meeting report, elected members are provided with a comprehensive understanding of potential challenges and uncertainties associated with proposals or projects. This enables more informed decisions that balance benefits with potential risks, leading to better outcomes for all involved.

How to do it

A risk assessment is a systematic process used to identify, analyse and evaluate potential threats and opportunities which could impact upon an organisation, project or activity. It is a tool used to support decision-making by providing an overview of uncertainties, ensuring that risks are addressed proactively.

Does a report to a council meeting not also provide this function? Is it not merely a collection of information provided to elected members for the purpose of ensuring they have all the context and analysis required to make a prudent decision in the interest of the community? Risk management is so often seen as an additional task or even chore but it is inherent in everything we do, including when we prepare reports to council, whether we explicitly or overtly categorise it as such or not.

That being said, for simplicity and convenience, I would encourage all councils to at a minimum include a subheading in their report templates for a risk assessment.

Due to the varied nature of services provided and decisions required of council, not all matters put to council will require a comprehensive analysis of every aspect of what is being proposed or considered. Council should decide for itself what matters warrant and require a detailed risk assessment (e.g. a major project undertaken by the council), a rudimentary overview of risks involved, or no risk assessment at all (e.g. if a matter is being presented to council for information rather than decision). Guidance on what level of risk assessment, or whether a risk assessment is required, should be documented in councils Risk Management Framework and reflected in the report template.

For those rudimentary matters that require an overview of the risks involved, rather than a multi-page A3 excel spreadsheet breaking down every minute detail, my recommendation is to include a table similar to the below:

This is an extract from a public agenda for an Ordinary Meeting of the Blackall-Tambo Regional Council.

The table refers to the various categories of risk council assesses, in accordance with its Risk Management Framework, and includes a risk tolerance for each category (e.g. Council is only willing to tolerate low risks in the financial category). Officers preparing reports are then able to provide brief remarks summarising risks involved for each category, if applicable, and then provide a rating for the risks associated with each category. By incorporating the colour coding, this also provides the reader of the report with an instant understanding of if there is anything high risk relating to the matter which should be brought to their attention for discussion.

Ordinary meetings are where decisions are made. To ensure elected members are making the best decisions possible, they need to be provided with all the relevant information and analysis to do so. Risk management provides the mechanism through which that can be achieved consistently and in the community interest.