Risk management is integral to achieving the department’s objectives. It enables us to take advantage of opportunities while understanding and managing potential threats to promote innovation and improve the department’s performance.
The department’s Risk Management Framework 2018–20 aims to keep building our risk management capability as we continue to develop a risk culture that is innovative, agile and resilient. The department has adopted an organisation-wide risk management approach, which is designed to ensure that risk is managed in an integrated and purposeful way and is well understood.
The framework sets out a systematic approach to guide how risk management is embedded across the department for all business operations and staff at all levels. The department’s business planning process cascades from objectives in the department’s strategic plan through to divisional plans, operational plans and individual performance plans.
The department grows its risk management maturity and capability through various strategies, including a more consultative approach and tailored, fit-for-purpose tools and templates designed to:
- build organisational risk capability such that risk awareness is part of the mindset
- embed risk management into business processes and performance management such that risk thinking adds value
- drive better knowledge management to improve performance.
The Executive Board is responsible for determining and reviewing risk appetite and tolerance levels and the department’s performance in managing risks.
The Assurance and Audit Committee considers the appropriateness of the risk management framework, adequacy of procedures and overall effectiveness of risk management systems and processes, including providing independent advice and assurance to the Executive Board.
Periodic risk reviews are undertaken with reporting through departmental governance structures.
The framework is consistent with the Commonwealth Risk Management Policy, and designed in accordance with the Australian and New Zealand Risk Management Standard AS/NZS ISO 31000:2009, Risk management—principles and guidelines.