4.1 The Department's risk management framework
Risk management is embedded in the Department's systems. Identifying and managing risks is part of the accountability of all managers and staff. Tools for risk management include role descriptions and delegations, environmental scans, project planning, the internal audit programme, and departmental policy and procedures on matters such as employment, health and safety, financial management and operational processes.
Both environmental scanning and risk management are incorporated into the monthly meetings of the General Management Team (the Director-General and the eight general managers). Each general manager runs a risk register for their own functional areas, and any critical risks are brought to the General Management Team meeting, and if appropriate placed on the General Management Team risk register.
The general managers also conduct a joint environmental scan at each meeting. This has two areas of focus: key issues relating to each general manager's functional area, and issues of a more global nature that general managers identify as relevant or potentially relevant to the Department overall. These issues are discussed and fed into decision-making as relevant. Three times each year, the General Management Team meets for two high level planning days. A more comprehensive environmental scan forms part of the planning days' agenda.
The Department has a Legislative Compliance Register, which identifies key legal risks with extreme consequences and a high likelihood of occurring. General managers, conservators, and managers in the Research, Development and Improvement Group are annually required to attest through a 'letter of representation' that the key legislative requirements within their areas of accountability have been complied with. General managers ensure issues are followed up, and where appropriate, a common approach is developed to related issues.
back to top
Internal audit
The Department's chief internal auditor reports to an independent Risk and Assurance Committee, which in turn provides advice to the Director-General to assist him to exercise oversight of the integrity of the Department's financial, accounting, internal control, risk management, and legislative compliance systems.
Risk management in annual work planning
The risk management system built into business planning specifies categories of risk specific to the Department's operating environment. Managers are required to identify potential risks and assess both the likelihood of the risk materialising (on a scale of 'almost certain' through to 'rare'), and the possible consequences if it does (on a scale of 'extreme' through to 'negligible').
Risks are managed by selecting the best option, considering the potential cost of the risks involved and the aim of achieving work plan outcomes. While it is expected that sometimes the only option will be high risk, the Department's proactive approach means that the appropriate amount of resources and management attention can be applied quickly to prevent, mitigate or respond to risk situations, should they occur.
Identifying and measuring risks, and developing mitigation options, are also part of the life cycle of any work plan, particularly when there is a major change in circumstances that will affect the work.
back to top