Elected members are responsible for setting the strategic direction of their council. This includes all decisions that impact how a local government operates, and bearing the outcomes of those decisions.

We have headlined some advice and QAO’s resources that may be helpful for newly elected members to assist in decision making.

Making appropriate financial decisions

In your first few months as an elected member, you would have been responsible for adopting your council’s budget for the next financial year. Making informed financial decisions shapes the future of your council and your community – including the council’s financial sustainability.

Sometimes, it’s not possible to make decisions that both reflect all of the community’s priorities and the services your council can actually deliver within its available resources. It’s important to understand the impact of these decisions on your council’s operations – in the short term and long term.

Knowing what your community wants goes a long way in determining where you can spend financial resources appropriately. Many councils effectively and proactively consult with their community to understand its needs versus wants, and identify the level of rates and charges it requires to fund these services.

Our Service prioritisation tool, together with our blogs on Are you delivering the services your community values? and Delivering efficient and effective local government services, can support you in making informed financial decisions. The tool helps councils allocate funding to high-value services and prioritise the order of their service reviews.

Managing your assets to meet the needs of your community

Effective asset management has been a challenge for local governments for many years.

Good asset management relies on 3 key factors: strong leadership and governance, reliable systems, and knowledgeable staff. When these factors come together, they help councils effectively manage their assets to meet the needs of their community.

In our recent report, Improving asset management in local government (Report 2: 2023–24), we explain how these factors play an important role in establishing good asset management practices.

Further, in our blog How do leaders support strategic asset management?, we identify the role you have, as a leader, in contributing to asset management.

Understanding good governance

As an elected member, it’s also vital that you understand what good governance is. A strong governance structure that includes an effective audit committee and internal audit function promotes accountability and supports the achievement of strategic and operational objectives.

Over the years, in our reports to parliament, we have explained the importance of an effective audit committee and internal audit function. These 2 functions help councils ensure their internal controls are effective, that risk management and financial reporting processes are strong, and they resolve audit recommendations in a timely manner.

In our report, Local government 2020 (Report 17: 2020–21), we made a recommendation to the Department of Local Government to mandate audit committees. The State Development and Regional Industries Committee (a parliamentary committee), in its report Report 32: Examination of Auditor-General Reports on the local government sector, recognised the importance of our recommendation. It made a similar recommendation to parliament to mandate audit committees for all councils in Queensland.

We are also currently finalising our report into the effectiveness of audit committees in local government. This will be tabled in parliament in mid–late 2024 – keep an eye out for it.

Cyber risk is a real threat

Councils rely heavily on their information systems for their day-to-day operations, delivering a range of critical services to the public, such as water and sewerage services. Yet we continue to identify widespread weaknesses in councils’ information systems controls each year as a part of our audits.

The weaknesses we identify indicate vulnerability in councils’ internal controls, which may expose them to potential cyber attacks.

Ransomware appears to be one of the most common ways cyber attackers use to gain access to councils’ information systems. In 2023, a Queensland council became a victim of a cyber attack that used ransomware to lock electronic files through encryption and then demanded payment to unlock them. This was following another, similar ransomware attack on a different council in 2020.

Given this is a topical and important issue across all entities, including local governments, QAO has tabled 2 reports to help those charged with governance manage cyber risks and respond to a cyber attack in the event one occurs.

• In 2019, we tabled our report Managing cyber security risks (Report 3: 2019–20), in which we identified potential mitigation strategies that entities can adopt to secure themselves against cyber attacks. While these strategies help entities strengthen their information systems controls, they do not make entities immune to attacks.
• Recently, we tabled our report Responding to and recovering from cyber attacks (Report 12: 2023–24), discussing Queensland public sector entities’ preparedness to respond to and recover from a cyber attack. It provides information to help all entities proactively manage their cyber security risks, identify vulnerabilities, and ensure they can respond to an incident. This report also contains a case study (Case study 3) that explains the prolonged and costly consequences cyber incidents can have on local governments if they are not able to access the required response skills in a timely manner.

Both reports have valuable recommendations that your council should consider implementing to strengthen your information systems controls.

You can also listen in to our podcast Cyber risk: what do we do now?, where 2 of our senior directors and the Queensland Government Cyber Security Unit chat about what chief executives need to consider, including risk management, controls, and what to do if you experience an attack: www.qao.qld.gov.au/reports-resources/podcasts

In addition to the podcast, we have also published 2 checklists. One helps entities map where they do or do not hold relevant cyber capabilities, and councillors can use the other when planning how they respond to and recover from cyber security incidents.

Resources

In addition to the above, we have published several other better practice guides, checklists and tools; interactive dashboards; blogs; and reports to parliament that you may find useful. Some of these are listed below.