TPP12-03c Risk Management Toolkit for the NSW Public Sector: Volume 2
Southland DLE risk register
Note: This register was prepared as at March 2012
| ID A2 A3 |
Assessment By: Date (M/YR): Exec Team 3/12 Exec Team 3/12 |
Risk description Government response to changing community needs causes a mismatch between Southland DLE’s organisational capability and new service delivery requirements, resulting in negative impact on all Southland DLE objectives Ageing and obsolete IT infrastructure causes IT systems to be hacked, resulting in inappropriate use and loss of sensitive information |
Impacts (consequence type) SERVICE PERFORMANCE LEGAL/COMPLIANC E REPUTATION AND IMAGE FINANCIAL |
Risk owner Comm. ADG CS |
Worst case Current Residual Worst case Current Residual |
Ratings C L V High Likely Med Likely V High AC V High Pos V High Rare |
RISK Major Mod Ex Major Mod |
Accept ? No Yes No No |
Controls/risk treatment Description (Owner) Forward workforce planning Targeted recruitment strategies Training matrix for workforce Review and revision of training needs (SUP HRM) Firewall and virus software User access controls User ID and password policy Routine penetration testing (MAN Exec Res and Inf) Upgrade IT Systems (ADG CS) |
Effect Yes No Yes |
Review and reporting requirements Review the effectiveness of the controls through annual frontline officer and specialist roles skills audit Quarterly reporting to the Executive of progress against project milestones and budget Reporting of firewall breaches to ADG CS |
44
| A5 ID Assessment Risk description By: Date (M/YR): A4 Exec Team 3/12 Findings of widespread corruption in other jurisdictions creates a negative association for Southland DLE as a law enforcement agency, resulting in loss of reputation, heightened scrutiny and lower internal morale |
Exec Team |
3/12 | Questions about the performance and effectiveness of Southland DLE’s activities raised by the Parliamentary Accounts Committee causes a perception that the Department does not present good value to the community, resulting in an adverse impact to our budget position |
REPUTATION AND IMAGE FINANCIAL Impacts (consequence type) Risk owner REPUTATION AND IMAGE Comm. Worst case Med Current Low Residual |
ADG CS | Worst case Current |
High Med |
Likely Likely Mod Likely Min Yes Major |
Ratings Controls/risk treatment Review and reporting requirements C L RISK Accept ? Description (Owner) Effect No Recruit psychological testing program, induction program, governance (incl. whistleblower) programs (MAN Educ Serv) Yes Quarterly report to the Executive on reported incidents of suspected fraud or corruption, and/or access to whistleblower program |
No | Performance management systems in place to monitor outputs against objectives on a quarterly basis. Performance measures are reviewed and updated annually Executive monitoring of budget against performance criteria (crime statistics, road safety, community measure, etc.) Twice-yearly assessment to identify opportunities for improvement and/or reallocation of resources (DIR Strat. Plan.) |
Yes | Reporting as directed through the strategic plan, reporting as directed through community performance metrics |
| Pos Mod Yes Residual |
TPP12-03c Risk Management Toolkit for the NSW Public Sector: Volume 2 45
| 1.2 ID Assessment Risk description Impacts (consequence type) Risk owner By: Date (M/YR): A6 Exec Team 3/12 Increasing age of frontline officers and an imbalance between retirements compared to recruitments causes a skill shortage across frontline policing roles, resulting in the inability to provide frontline policing SERVICE PERFORMANCE ADG CS A7 Exec Team 3/12 Poor communication has led to a mismatch between the community’s perception of public safety and real crime rates, resulting in a drop in Southland DLE’s reputation as an effective policing authority REPUTATION AND IMAGE ADG FO |
Exec Team |
3/12 | Poorly delivered road safety awareness campaign causes the road safety education program to fail, resulting in Southland DLE missing road safety improvement targets |
SERVICE PERFORMANCE |
ADG RS | Worst case Current High Residual |
High Ratings C L RISK Accept ? Worst case V High Likely Major No Current V High Pos Major No Residual V High Rare Mod Yes Worst case Med Pos Mod No Current Med Pos Mod No Residual Med Rare Min Yes |
Pos Rare |
Mod Mod |
No Yes |
Service provider agreement with performance metrics in place Independent program evaluation to assess effectiveness (DIR PA) Controls/risk treatment Review and reporting requirements Description (Owner) Effect Development of workforce planning strategy to bring forward recruitment numbers and reskill non-frontline officers to frontline positions Targeted recruitment strategies to include socially diverse groups (SUP HRM) Yes Report quarterly to the Executive on workforce planning strategy progress Report quarterly to the Executive on workforce retention statistics Consider and develop incentive schemes (SUP HRM) Yes Community education and communication strategy about serious crime rates and impact (DIR PA) No Review community education strategy annually Report to the Executive on communication strategy performance every six months Report to the Executive on community safety measures following each survey Improve communication of strategy to stakeholders Monitor community response and modify strategy accordingly Yes |
Yes | Review service provider agreement performance criteria annually Report to the Executive quarterly on road safety performance statistics |
TPP12-03c Risk Management Toolkit for the NSW Public Sector: Volume 2 46
| ID Assessment Risk description Impacts (consequence type) Risk owner Southland DLE’s inability to fill specialist analyst REPUTATION AND IMAGE |
By: Date (M/YR): 2.1 Exec Team 3/12 |
cybercrime, to be overlooked, resulting in greater community concern about potential incidents roles causes a new or emerging threat, e.g. |
PERFORMANCE SERVICE SERVICE DELIVERY DISRUPTION |
ADG SO |
Current Residual V High |
V High Ratings C L Worst case V High AC |
Pos Major | RISK Accept ? Ex No |
No | Establishment of specialty units with skill and experience in emerging threats such as cybercrime Develop alliances with national and international assessment and investigation bodies (ADG SO) Controls/risk treatment Description (Owner) Staff access to national training programs, formal and/or informal sharing of information across jurisdictions (ADG SO) |
Yes Effect Yes |
and national/international alliances establishing specialty units, Review and reporting requirements Monthly emerging threat assessment report to the Executive Report on progress in |
| Rare Mod Yes AC Major No |
||||||||||||
| 3.1 Exec Team 3/12 Ageing IT infrastructure causes Southland DLE’s communication systems to fail and they are non |
resulting in the inability to deliver effective policing services to the community operational for a number of hours, |
ADG FO Worst case High Current High |
Residual | High | Rare AC |
Mod Major No |
Yes | Southland DLE Business Continuation Plan (CRO) No Reduce the level of risk through an investment in upgrading the IT system for communications (ADG CS) Yes |
failures to ADG Corporate Services communication systems Report on annual BCP testing Quarterly reporting to the Executive on progress against project milestones and budget Reporting of |
TPP12-03c Risk Management Toolkit for the NSW Public Sector: Volume 2 47
| ID Assessment Risk description Impacts (consequence type) The inability to gain government support for the policy allowing REPUTATION AND IMAGE |
By: Date (M/YR): 3.2 Exec Team 3/12 |
school crossings causes greater strain on frontline policing resources, resulting in a reduction in policing services to the volunteers to ‘police’ community Changes in population demographics across Southland, which are |
SERVICE PERFORMANCE REPUTATION AND IMAGE |
ADG FO Risk owner Worst case |
Current Residual Med |
Med Ratings C L Med AC |
Pos Pos Mod Yes |
Mod RISK Mod |
No Accept ? No |
Investigate alternative policies that allow a transfer of school crossing duties to non uniformed officers or other strategies that do not require changes to legislation Controls/risk treatment Description (Owner) Undertake stakeholder focus group meetings throughout affected community (DIR CE) |
Yes Effect No |
Report to the Executive on alternative strategies project quarterly Review and reporting requirements Report from project steering group to the Executive on status of |
| 3.3 Exec Team 3/12 |
strategy, result in Southland DLE frontline policing becoming ineffective for local communities DLE’s policing not considered in |
PERFORMANCE SERVICE |
ADG FO | Current Worst case Residual |
High High Med |
Pos Likely Pos |
Mod Major No Mod Yes |
No | Implement mobile policing into regional areas Undertake recruitment programs within socially diverse groups Offer incentives for officers to relocate to regional areas (SUP HR) Workforce-planning strategy assesses socio-demographic changes in the community (SUP HR) |
Yes Yes |
Executive on workforce retention statistics Annual report to the Executive on Southland’s demographic mix and changes by specialist Report quarterly to the Executive on workforce planning strategy progress Report quarterly to the |
TPP12-03c Risk Management Toolkit for the NSW Public Sector: Volume 2 48
| ID Assessment Risk description Impacts (consequence type) Risk owner Ratings Controls/risk treatment By: Date (M/YR): C L RISK Accept ? Description (Owner) SERVICE PERFORMANCE REPUTATION AND ADG FO Worst case V High Pos Major No Public education campaign on emergency and non emergency numbers Regular testing of technology for redirecting calls and updating as required Staff training and development for handling calls Current Med Pos Mod Yes Residual |
3.4 Exec Team 3/12 Lack of community understanding about the role of the ‘000’ emergency hotline causes an increase in non-urgent calls, resulting in an increase in emergency call receipt times IMAGE 4.2 Exec Team 3/12 Insufficient skills and budget to increase levels of skilled staff and retrain staff in new forensic SERVICE PERFORMANCE REPUTATION AND IMAGE |
increase in challenges over quality of trial evidence, poor judicial outcomes, reduced morale, and the inability to attract and retain incident investigation and forensic evidence staff resulting in an technology division causes a failure to take advantage of improvements in forensic technology, |
ADG SO Worst case High AC Major No Current High Likely Major No |
Residual | High | Pos | Mod | Yes organisations (DIR Foren.Inv.Unit) |
Resource forensic specialists and provide training to current forensic and investigations staff in leading-edge technologies (DIR Foren.Inv.Unit) No Report to the Executive on progress in creating and filling staff specialist roles Report to the Executive on strategic partnerships as they are agreed to Seek strategic partnerships with high-performing forensics Yes |
Review and reporting requirements Effect Yes Report quarterly to the Executive on call receipt statistics |
TPP12-03c Risk Management Toolkit for the NSW Public Sector: Volume 2 49